[SR-Users] Kamailio TLS with intermediate CA certificates
Olle E. Johansson
oej at edvina.net
Mon Jan 30 08:58:47 CET 2012
29 jan 2012 kl. 22:27 skrev Daniel Pocock:
>
>
> On 29/01/12 21:47, Iñaki Baz Castillo wrote:
>> 2012/1/29 Daniel Pocock <daniel at pocock.com.au>:
>>> It's a little bit different in Apache, where the user specifies a file
>>> containing intermediate certs - many of the CAs give instructions for
>>> adding that file in Apache, but they make no mention of
>>> OpenSSL/Kamailio/concatenating everything, so I imagine people will get
>>> stuck on things like this
>>
>> If your certificate is not signed by a root CA then you will be also
>> provided with an intermediary certificate which is signed by a root
>> CA, and that intermediary certificate validates yours.
>>
>> So to use it, you must take your public certificate and the
>> intermediate certificate in PEM format and concatenate both, having
>> your public certificate at the top of the resulting file.
>>
>
> Yes, that is exactly what I described in my original post - it is
> working fine too
>
> I notice that Asterisk needs to be patched to do it the way Kamailio does:
>
> https://issues.asterisk.org/jira/browse/ASTERISK-17727
The Asterisk TCP/TLS implementation is marked experimental for a reason. And it's been that way for many years.
/O
More information about the sr-users
mailing list