17 Feb
2012
17 Feb
'12
1:01 p.m.
Hi All,
Does it possible on tls module require certificates only some hosts?
My kamailio comunicate with several UA clients (Softphones and IP phones)
and one SIP gateway. I want require certificate only gateway SIP, it's
possible?
The parameter *modparam("tls", "require_certificate", 1)* require
certificate of all clients...
Best Regards
17 Feb
17 Feb
1:40 p.m.
On 17/02/12 19:01, Bruno Bresciani wrote:
Hi All,
Does it possible on tls module require certificates only some hosts?
Yes, you have at least two options:
a) just set the require_certificate 0 option - make sure your client
still sends it's cert even when it is not demanded - and in your
kamailio.cfg, your route logic will need to check whether a certificate
was used by the client
b) looking in tls.cfg, it appears you can set up different ports with
different TLS policies, so the clients that must send a cert could be
connecting to a port with a stricter configuration
2:34 p.m.
Thanks Daniel
but I have some problems...
a) my SIP gateway doesn't send the certificate when it isn't demanded...
b) I was reading about TLS specific config file (tls.cfg), but my
requirements doesn't allow to configure differents TLS ports.
Do you have other idea?
Best Regards
2012/2/17 Daniel Pocock <daniel(a)pocock.com.au>
On 17/02/12 19:01, Bruno Bresciani wrote:
Hi All,
Does it possible on tls module require certificates only some hosts?
Yes, you have at least two options:
a) just set the require_certificate 0 option - make sure your client
still sends it's cert even when it is not demanded - and in your
kamailio.cfg, your route logic will need to check whether a certificate
was used by the client
b) looking in tls.cfg, it appears you can set up different ports with
different TLS policies, so the clients that must send a cert could be
connecting to a port with a stricter configuration
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
18 Feb
18 Feb
3:11 a.m.
On 17/02/12 20:34, Bruno Bresciani wrote:
Thanks Daniel
but I have some problems...
a) my SIP gateway doesn't send the certificate when it isn't demanded...
b) I was reading about TLS specific config file (tls.cfg), but my
requirements doesn't allow to configure differents TLS ports.
Do you have other idea?
Not really - if you enable the config option to demand a certificate,
then every device will have to send a cert (which is not such a bad
idea, but I'm guessing you have some devices that can't do so?)
22 Feb
22 Feb
10:53 a.m.
yes Daniel, unfortunately I have some devices that can't send a cert...
Best Regards
Em 18 de fevereiro de 2012 05:11, Daniel Pocock <daniel(a)pocock.com.au>escreveucreveu:
On 17/02/12 20:34, Bruno Bresciani wrote:
Thanks Daniel
but I have some problems...
a) my SIP gateway doesn't send the certificate when it isn't demanded...
b) I was reading about TLS specific config file (tls.cfg), but my
requirements doesn't allow to configure differents TLS ports.
Do you have other idea?
Not really - if you enable the config option to demand a certificate,
then every device will have to send a cert (which is not such a bad
idea, but I'm guessing you have some devices that can't do so?)
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
4691
days inactive
4696
days old
4 comments
2 participants
participants (2)
-
Bruno Bresciani -
Daniel Pocock