[SR-Users] "Create Certificates to be used with Kamailio" changes
Juha Heinanen
jh at tutpro.com
Thu Sep 30 17:27:39 CEST 2010
now that 3.1 has async tls support, i decided (first time ever) to try
to test tls. things went quite smoothly when i followed "Create
Certificates to be used with Kamailio" document
http://kamailio.org/dokuwiki/doku.php/tls:create-certificates#using_the_certificates_with_tls
during the process, i fixed a typo in the doc, added two comments to cfg
part:
enable_tls=1
tcp_async=no # do not include in 3.1
listen=udp:0.0.0.0:5060
listen=tcp:0.0.0.0:5060
listen=tls:0.0.0.0:5061 # not needed in 3.1
and fixed wrong file references in client configurations:
eyebeam: copy the CA certificate (/etc/certs/demoCA/cert.pem) to the Windows PC and add it to the Windows certificate store (Start→Control Panel→Internet)
QjSimple: copy the CA certificate (/etc/certs/demoCA/cert.pem) to the
client PC and configure QjSimple to use this CA (“TLS CA file” and
“verify TLS server certificate)
earlier the paths pointed to certs/sip.mydomain.com files, which i think
were wrong. at least i was not able to get them working.
perhaps someone who is more familiar with tsl stuff could verify the
above changes.
-- juha
More information about the sr-users
mailing list