[SR-Users] CAcert root in Lumicall

Daniel Pocock daniel at pocock.com.au
Thu Feb 9 17:21:25 CET 2012



On 09/02/12 01:41, Daniel Pocock wrote:
> 
> 
> I've been contemplating Daniel's earlier question about using the CAcert
> certificates with Lumicall
> 
> sip5060.net should already accept mutual authentication from other
> Kamailio instances running with a CAcert certificate
> 
> However, the Lumicall dialer itself will only connect to servers that
> are using a cert signed by a root CA trusted within Android.  This
> applies to both the SIP and STUN over TLS support.
> 

CAcert.org now supported...

Installing Lumicall does not change the trusted CAs for all apps on the
phone.  It only adds the CACert (class 1 root) for the SIP TLS transport
within the app.  This means you can use a CAcert.org cert on a Kamailio
server, and Lumicall will trust it.

On a side note, I've noticed that CAcert.org is allowing subjectAltName
(DNSName) within the certs it issues: this is another good reason to use
the CAcert.org certs, other CAs are quite awkward (or expensive) for
subjectAltName, and it is really useful for running multiple/virtual
hosted domains on a single SIP server.

I would be interested in any feedback about this, either for the
Lumicall app, or the interconnect to/from sip5060.net over TLS




More information about the sr-users mailing list