[Users] OpenSER and Eyebeam 1.5 with TLS

Klaus Darilion klaus.mailinglists at pernau.at
Tue May 16 11:10:24 CEST 2006 

Christoph Fürstaller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> I can confirm that. Just tried eyeBeam with Openser (1.1.0-dev17-tls)
> I had to import the cert of the CA (pem) which signed the cert for the
> server and I also imported the cert/key (pk12) for the client. Works
> well. Import it as Klaus described it.

Hi Christoph!

What is the "cert/key (pk12) for the client"? Is it for TLS client 
authentication (the proxy requests a certificate from eyebeam)?

If yes -  how does eyebeam know which of the available client 
certificates it should use?

regards
klaus


> 
> For proxy I had to specify the port on which it is listening. eyeBeam
> doesnt automatically tries 5061.
> 
> chris...
> 
> Klaus Darilion wrote:
>> Windows can import .pem. You only have to use "*.*" as filer filter when
>> importing the certificate. Then double click on the .pem file.
>>
>> regards
>> klaus
>>
>> Teemu Harju wrote:
>>
>>> Hi,
>>>
>>> I've been trying to get OpenSER to work with Eyebeam 1.5 using TLS,
>>> but I always get a certificate error. I've created certificates using
>>> "gen_rootCA.sh" and "gen_usercert.sh" scripts. Which of these
>>> certificates I should store to the machine running the eyebeam client?
>>>
>>> Eyebeam requires the certificate to be stored to the computers "root
>>> certificate store". This is what the user manual says...
>>>
>>> "When using TLS, you must have the root certificate that signs the
>>> proxy's chain of certificates. The certificates must be stored on the
>>> eyeBeam computer, in the root certificate store."
>>>
>>> I think I've figured out how to import a new certificate to Windows
>>> XP, but by default it does not support .pem files. I've changed the
>>> extension to .crt since that is what Windows recognises, but this
>>> doesn't seem to help. Somehow the certificate just does not appear to
>>> the root certificate store.
>>>
>>> What certificate I should put to the client machine? Do I also need to
>>> use the private key generated by "gen_usercert.sh" for something on
>>> the client side?
>>>
>>> BR,
>>>
>>> Teemu
>>>
>>> -- 
>>> Teemu Harju
>>> http://www.teemuharju.net
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> 
> iD8DBQFEaZIYR0exH8dhr/YRAu9/AKDOhTpT/o1DkOYk/7s+fDvCofVzdgCfcLXS
> FLwcjKjvQ6y56oJEwsqxZdQ=
> =QAdP
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users

More information about the sr-users mailing list