[SR-Users] CAcert root in Lumicall
Daniel Pocock
daniel at pocock.com.au
Thu Feb 9 23:52:39 CET 2012
On 09/02/12 21:49, Daniel-Constantin Mierla wrote:
> Hello,
>
> On 2/9/12 5:21 PM, Daniel Pocock wrote:
>>
>> On 09/02/12 01:41, Daniel Pocock wrote:
>>>
>>> I've been contemplating Daniel's earlier question about using the CAcert
>>> certificates with Lumicall
>>>
>>> sip5060.net should already accept mutual authentication from other
>>> Kamailio instances running with a CAcert certificate
>>>
>>> However, the Lumicall dialer itself will only connect to servers that
>>> are using a cert signed by a root CA trusted within Android. This
>>> applies to both the SIP and STUN over TLS support.
>>>
>> CAcert.org now supported...
> nice...
>>
>> Installing Lumicall does not change the trusted CAs for all apps on the
>> phone. It only adds the CACert (class 1 root) for the SIP TLS transport
>> within the app. This means you can use a CAcert.org cert on a Kamailio
>> server, and Lumicall will trust it.
>>
>> On a side note, I've noticed that CAcert.org is allowing subjectAltName
>> (DNSName) within the certs it issues: this is another good reason to use
>> the CAcert.org certs, other CAs are quite awkward (or expensive) for
>> subjectAltName, and it is really useful for running multiple/virtual
>> hosted domains on a single SIP server.
>>
>> I would be interested in any feedback about this, either for the
>> Lumicall app, or the interconnect to/from sip5060.net over TLS
> is it available for download out of the android market? I have an
> android phone (I guess it is 2.2), but haven't connected it to the
> market -- I guess I can just use my gmail account for that, still I
> would take the direct download alternative first, if available (the
> phone has a settings that allow installation of "untrusted source"
> applications).
I've put it on the site for you to download:
http://www.lumicall.org/download
Android 2.2 is probably the minimum version supported
>
> I can try it with my kamailio over tls, not sure when exactly I will
> have the time for it in the next days.
>
If you don't want to register for the SIP5060 service, you can just put
dummy values in the registration form, it will then let you get to the
menu and add your own SIP details
More information about the sr-users
mailing list