[SR-Users] Use different certificate for different client with TLS

Daniel GROTTI d.grotti at gmail.com
Wed Feb 9 17:39:45 CET 2011


Hi all,
I would like to use Kamailio 3.1 with TLS and also verify a client
certificate.

My tls.cfg file is as follows:


--- tls.cfg ----

.....
.....

[server:MY_IP:5061]
method = TLSv1
verify_certificate = yes
require_certificate = yes
private_key = default_key.pem
certificate = default_cert.pem
ca_list = default_ca.pem

[client:default]
verify_certificate = no
require_certificate = no

....
....


So I want to verify the client certificate; to do that I use the
"is_peer_verified()" function in kamailio.cfg.
As tls.cfg shows, I have to send to my clients the CA certificate and
the client certificate (default_cert.pem + default_key.pem - signed
by the CAcert).
This client certificate is the same for all clients.
Everything works fine.

But suppose I wanted to create a client certificate for client 1
(cert_1.crt), and a different client certificate for client 2
(cert_2.crt), and I want to configure Kamailio to be able to verify
these different certificates.

Is it possible? How can I configure the tls.cfg file to do that?

I tried to do something like this:

[server:MY_IP:5061]
method = TLSv1
verify_certificate = yes
require_certificate = yes
private_key = default_key_1.pem
certificate = default_cert_1.pem
private_key = default_key_2.pem
certificate = default_cert_2.pem
ca_list = default_ca.pem


But when Kamailio restarts, it seems that it reads only the last pair
of certificate/private_key rows.

Regards,


Daniel G
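
An added example, not part of the original post: in TLS the certificate/private_key pair of a [server:...] section is the server's own identity, while client certificates are checked against the CAs in ca_list, so two different client certificates issued by the same CA both verify against one CA file. The script uses the openssl CLI; the CA, client names and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: one CA, two distinct client certificates, both checked
# against the same CA file (the role ca_list plays in tls.cfg).
# All subject names and file names here are assumptions for illustration.

make_ca() {          # $1 = directory that receives ca.pem / ca_key.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout "$1/ca_key.pem" -out "$1/ca.pem" 2>/dev/null
}

issue_client() {     # $1 = CA directory, $2 = client name (used as CN)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2_key.pem" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca_key.pem" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

verify_client() {    # $1 = CA file, $2 = certificate; exit status 0 = trusted
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

peer_subject() {     # print the subject DN, which is what tells clients apart
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

d=$(mktemp -d)
make_ca "$d" && issue_client "$d" client1 && issue_client "$d" client2

for c in client1 client2; do
    if verify_client "$d/ca.pem" "$d/$c.crt"; then
        echo "$c.crt: trusted by ca.pem, subject $(peer_subject "$d/$c.crt")"
    else
        echo "$c.crt: NOT trusted by ca.pem"
    fi
done
```

Each client keeps its own key and certificate; the server side only needs the issuing CA in its CA file, and the subject of the verified certificate identifies which client connected.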


