[Users] OpenSER and Eyebeam 1.5 with TLS

Teemu Harju teemu.harju at gmail.com
Thu May 18 08:00:17 CEST 2006


Now I got the eyeBeam 1.5 working with the OpenSER using TLS for
signaling encryption. I decided to share my experieses in case someone
else will be having similar problems.

First of all you might want to read this quite nice SSL tutorial to
understand what these certificates are all about:
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/

Then what I did was that I took the root certificate from
/etc/openser/tls/rootCA/cacert.pem and converted it to .crt format. I
don't know if this is neccessary but I did it anyway with the
following command "openssl x509 -in cacert.pem -out cacert.crt".

Then I moved the cacert.crt file to my public web server directory and
loaded it using Internet Explorer. Then I just needed to press
"Install certificate" and remember to store it to the "Trusted Root
Certification Authorities". Then it works... Installing the
certificate did not work with firefox, since it uses different
certificate store. Of course if you don't want to use IE, download the
.crt file and double click it to start the certificate wizard.

- Teemu

On 5/17/06, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> Christoph Fürstaller wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi Klaus,
> >
> >>> Hi Christoph!
> >>> What is the "cert/key (pk12) for the client"? Is it for TLS client
> >>> authentication (the proxy requests a certificate from eyebeam)?
> >
> > I'm very sorry, I'm not using client authentication. On the OpenSER
> > Website there is an error in the TLS Tutorial. The mentioned parameter
> > tls_verify = 1 is wrong. The correct one is tls_verify_client = 1 (as
> > given in the README file in the sources)
>
> Yes, the web tutorial is not up2date with CVS head.
>
> regards
> klaus
>
> > After I corrected this I get that error:
> > tls_error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
> > did not return a certificate
> >
> > So my eyeBeam doesn't send a cert. I asked on the counterpath forum and
> > searched the docs, but didn't found something concerning that. So,
> > eyeBeam isn't compatible of that? Anyone knows?
> >
> >>> If yes -  how does eyebeam know which of the available client
> >>> certificates it should use?
> >>> regards
> >>> klaus
> >
> >
> > chris...
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (GNU/Linux)
> >
> > iD8DBQFEaZ9ZR0exH8dhr/YRAhTcAKCsGpyYCLluX8MZuWtMeL2PDwwd8QCgoTul
> > QZQCfeY2QK/+n5z36d6BxCM=
> > =+fL3
> > -----END PGP SIGNATURE-----
>
>



-- 
Teemu Harju
http://www.teemuharju.net




More information about the sr-users mailing list