[Users] TLS SIP domains
joao.pereira at fccn.pt
Fri Mar 17 16:25:26 CET 2006
>If you want to use TLS to authenticate servers, then the verifying
server must import the root CA which signed the peer's certificate.
Ok, but if you call me, where is my server going to download the
certificate that signed your server ? From a central Certification
One other thing: does OpenSER supports 1024 bits certificates? or just
Klaus Darilion wrote:
> Joao Pereira wrote:
>> I m trying to implement an OpenSER with TLS, and I think the idea is
>> very good and very well explained in the manual (
>> http://openser.org/docs/tls.html#AEN50 ).
>> But can the OpenSER servers negotiate the certificates in real time?
> Not sure what you mean. The configuration is static and read once
> during startup. Thus, changing the TLS configuration (add CA certs,
> ...) requires a reboot of openser.
> > Can this trusting scheme be dynamic?
> > or every server needs to have a list of
>> The list of domains is supposed to be centralized, like a rootCA?
>> Then all our SIP servers must use the same rootCA?
> If you want to use TLS to authenticate servers, then the verifying
> server must import the root CA which signed the peer's certificate.
More information about the sr-users