Hello,
On 6/12/13 3:50 PM, Fabian Borot wrote:
Hi, please help me out with these questions:
Is it possible to configure kamailio to use different certificates, one per peer? Do we just add them to the same "calist.pem" file?
look at tls.cfg structure, you can define sections for various cases of acting as client or server.
Is is possible to configure kamailio to accept a certificate from another device? I mean instead of Kamailio creating the certificate/key and give it to customer/provider. If that is the case, do we also add it to the "calist.pem" file as well?
If all the above is true, what happens when the certificates have different expiration dates?
The clients can be required to present a certificate. The certificate can be generated by anyone, then it is up to your configuration to require validation inside the library (which will be done base on trusted CA list) or let it go to config and then use variables to check various attributes of the certificate.
Cheers, Daniel