[Users] user authentication with certificate

Cesc cesc.santa at gmail.com
Sat Oct 15 01:36:52 CEST 2005


Hi,

Minisip (and any other phone that fully supports tls) can do both.
Use TLS as the transport layer, authenticate the server cert against the
locally trusted root certs, and if given a client cert, it will send it to
the server for client authentication (that is, to openser). All this during
the tls handshake.

Now, once tls is established, it is up to the proxy whether it challenges
the client for digest authentication. That is, it is up to you. If you set a
proxy so that it only accepts tls connections, use mutual tls auth for
client and server ... you may choose not to challenge with digest on top of
that. But, as it is of now in ser/openser ... i would still challenge, as
tls is loosely coupled with the subscribers data you have in your database.

Hope it helps,

Cesc

On 10/14/05, Girish Nayak <girish at isphone.net> wrote:
>
> i understand, minisip softphone can initiate TLS connection.
> and it can be authenticated by the openser via digest authentication.
>
> is it possible to use certificate instead of digest authentication?
> --
> Girish
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20051015/4315961e/attachment.htm>


More information about the sr-users mailing list