[SR-Users] CAcert root in Lumicall
Daniel Pocock
daniel at pocock.com.au
Thu Feb 9 17:21:25 CET 2012
On 09/02/12 01:41, Daniel Pocock wrote:
>
>
> I've been contemplating Daniel's earlier question about using the CAcert
> certificates with Lumicall
>
> sip5060.net should already accept mutual authentication from other
> Kamailio instances running with a CAcert certificate
>
> However, the Lumicall dialer itself will only connect to servers that
> are using a cert signed by a root CA trusted within Android. This
> applies to both the SIP and STUN over TLS support.
>
CAcert.org now supported...
Installing Lumicall does not change the trusted CAs for all apps on the
phone. It only adds the CACert (class 1 root) for the SIP TLS transport
within the app. This means you can use a CAcert.org cert on a Kamailio
server, and Lumicall will trust it.
On a side note, I've noticed that CAcert.org is allowing subjectAltName
(DNSName) within the certs it issues: this is another good reason to use
the CAcert.org certs, other CAs are quite awkward (or expensive) for
subjectAltName, and it is really useful for running multiple/virtual
hosted domains on a single SIP server.
I would be interested in any feedback about this, either for the
Lumicall app, or the interconnect to/from sip5060.net over TLS
More information about the sr-users
mailing list