[SR-Users] TLS questions
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jun 13 09:05:37 CEST 2013
Hello,
On 6/12/13 3:50 PM, Fabian Borot wrote:
> Hi, please help me out with these questions:
>
> Is it possible to configure kamailio to use different certificates, one per peer? Do we just add them to the same "calist.pem" file?
look at tls.cfg structure, you can define sections for various cases of
acting as client or server.
>
> Is is possible to configure kamailio to accept a certificate from another device? I mean instead of Kamailio creating the certificate/key and give it to customer/provider. If that is the case, do we also add it to the "calist.pem" file as well?
>
> If all the above is true, what happens when the certificates have different expiration dates?
>
The clients can be required to present a certificate. The certificate
can be generated by anyone, then it is up to your configuration to
require validation inside the library (which will be done base on
trusted CA list) or let it go to config and then use variables to check
various attributes of the certificate.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
* http://asipto.com/u/katu *
More information about the sr-users
mailing list