16 Feb
2014
16 Feb
'14
3:03 a.m.
On 16 Feb 2014, at 03:22, info(a)vintageelectronics.ca wrote:
I was going by this tutorial - it said that default
certs should suffice:
http://kb.asipto.com/kamailio:skype-like-service-in-less-than-one-hour
On 02/15/2014 07:34 PM, Corey Edwards wrote:
>
> On Fri, Feb 14, 2014 at 7:35 PM, <info(a)vintageelectronics.ca> wrote:
> Testing in the same box for now with the goal to at least get it working within one
machine.
> Do you mean that TLS will not work with the cert/key shipped with kamailio?
>
> I've never tried. A default key would not be very secure, but if you have a valid
certificate and key it should work.
>
The default certificates are self-signed. A client may not recognize these as trustworthy,
policy may claim that only certificates signed by a well-known CA that the client has root
certificates for is trusted, so the TLS connection will not be completed.
If the client sets up a TLS connection anyway, that's fine. There will be encryption,
but no authentication. The client should not show any lock in this case or in any way
indicate a "secure" connection to the server. The connection should not be
trusted for exchange of media encryption keys or any other confidential data.
/O
--
* Olle E. Johansson - oej(a)edvina.net
* Kamailio & SIP Masterclass Miami FL, Oxford UK and Malaga, Spain this spring!
* http://edvina.net/training/