[SR-Users] TLS

Daniel-Constantin Mierla miconda at gmail.com
Tue May 28 10:03:14 CEST 2013


Hello,

you can set the ca_list file with those ca certificates you want to accept:

http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list

Alternatively, you accept all certificates and then use pv conditions to 
see and restrict the access based on who signed/emitted the client 
certificate.

Cheers,
Daniel

On 5/27/13 10:59 PM, Moacir Ferreira wrote:
> Thanks for the clarifications.
>
> Now, when we ask the client to have a certificate, where do we control 
> what client certificates will be accepted?
> I.e.: I don't want any valid certificate to authenticate but only those 
> ones I accept as valid.
>
> Moacir
>
> > Date: Thu, 23 May 2013 10:34:09 +0200
> > From: klaus.mailinglists at pernau.at
> > To: miconda at gmail.com; sr-users at lists.sip-router.org
> > Subject: Re: [SR-Users] TLS
> >
> >
> >
> > On 22.05.2013 11:19, Daniel-Constantin Mierla wrote:
> > >>>
> > >>> - Finally, do you know any free softphone that implements mutual TLS
> > >>> authentication?
> > >>
> > >> I am not aware of any.
> > >
> > > Like the softphone authenticating the server based on server
> > > certificate?
> >
> > MTLS just means, that the TLS server requires a certificate from the TLS
> > client. Thus, between SIP clients and SIP server this merely means that
> > not only the client authenticates the proxy, but the proxy also
> > authenticates the client based on the client's TLS certificate.
> >
> > Nice that Jitsi supports it - although I failed to configure Jitsi :-)
> > If someone fails configuring TLS for Jitsi, see this howto:
> > http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi
> >
> > I just found out that my QjSimple [1] also supports client
> > certificates :-)
> >
> >
> > regards
> > Klaus
> >
> > [1] http://www.ipcom.at/en/telephony/qjsimple/
> >
> > _______________________________________________
> > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> > sr-users at lists.sip-router.org
> > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
   * http://asipto.com/u/katu *
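
A configuration sketch of the two approaches from the reply above, added here as an illustration; it is not part of the original message or of the Kamailio distribution. The file paths and the CA name "Example Client CA" are assumptions, and the route assumes the sl and xlog modules are loaded; `$tls_peer_verified`, `$tls_peer_issuer_cn` and `$tls_peer_subject_cn` are pseudo-variables exported by the tls module.

```cfg
# ---- tls.cfg, loaded via modparam("tls", "config", "/etc/kamailio/tls.cfg") ----
# Approach 1: only client certificates chaining to a CA in ca_list are accepted.
[server:default]
private_key = /etc/kamailio/tls/server.key      # assumed path
certificate = /etc/kamailio/tls/server.pem      # assumed path
ca_list = /etc/kamailio/tls/client-cas.pem      # assumed path, PEM bundle of accepted CAs
verify_certificate = yes     # validate the client chain against ca_list
require_certificate = yes    # abort the handshake when no client certificate is sent

# ---- kamailio.cfg ----
# Approach 2: ca_list may contain several CAs; narrow the decision per request
# with the tls pseudo-variables.
request_route {
    if (proto == TLS) {
        # 1 only when the peer certificate chain was successfully verified
        if ($tls_peer_verified != 1) {
            sl_send_reply("403", "Client certificate not verified");
            exit;
        }
        # The issuer CN is a string copied from the certificate. Without the
        # verified check above it is whatever the client chose to present,
        # so never match on it alone.
        if ($tls_peer_issuer_cn != "Example Client CA") {
            xlog("L_WARN", "TLS client rejected: issuer=$tls_peer_issuer_cn subject=$tls_peer_subject_cn src=$si\n");
            sl_send_reply("403", "Issuer not allowed");
            exit;
        }
    }
    # ... continue with normal request handling
}
```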
