[sr-dev] CAcert.org root certs in trunk

Daniel-Constantin Mierla miconda at gmail.com
Thu Feb 6 10:28:29 CET 2014


I think that importing the certificate in the repository will add some 
overhead, as we have to periodically check if it was revoked or updated.

Maybe we can add a make target or a script to download and install it on 

Regarding the config options, perhaps is better to add a 
kamailio-secure.cfg for the time being, where to build a config file 
targeting secure deployments. I guess we have to do more changes than 
just few parameter for tls module (or tls config). Over the time, we can 
push parts (or all) in kamailio.cfg.


On 06/02/14 08:25, Olle E. Johansson wrote:
> On 05 Feb 2014, at 18:53, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>> On 05.02.2014 13:37, Olle E. Johansson wrote:
>>> Hi!
>>> I would like to add cacert.org root certificates to the Kamailio distribution, so that every Kamailio server gets these as approved certificates by default with the default TLS settings.
>>> Anyone having problems with doing that?
>> I do not trust cacert anything more than all the commercials CA. Thus I do not want to trust the cacert automatically.
>> What would be fine for is something like that in kamailio.cfg:
>> # remove the comments from the following lines to accept
>> # certificates signed by cacert.org:
>> #modparam("tls", "ca_list", "......cacert.org.pem")
> I can live with that.
> /O
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-dev mailing list