[SR-Users] Using TLS on a load-balancing cluster behind DNS-SRV
Joel Serrano
joel at textplus.com
Wed Oct 3 11:31:39 CEST 2018
Actually. Careful. There are scenarios where just doing that will not work.
The RR headers will have your FQDN most likely if you don’t want to break
reinvites
So for that to work you will need either multiple certs, a wildcard cert,
or a cert with multiple SANs where you include the “pbx.example.com” and “
Kamailio1.example.com” etc.
If you want you can check this issue:
https://github.com/kamailio/kamailio/issues/1581
It’s not related to your question directly but it explains why I’m telling
you this.
Hope it helps.
Best regards,
Joel.
On Tue, Oct 2, 2018 at 12:09 Sergey Basov <sergey.v.basov at gmail.com> wrote:
> Hi Kevin
>
> You need TLS certificate for domain which you will setup on SIP clients to
> connect to.
>
> So if your SIP domain is pbx.example.com and you will provide DNS-SRV
> record for it - then you need TLS certificate for pbx.example.com
> --
> Best regards,
> Sergey Basov e-mail: sergey.v.basov at gmail.com
>
>
> вт, 2 окт. 2018 г. в 12:44, Kevin Olbrich <ko at sv01.de>:
>
>> Hi!
>>
>> Which hostname do I need to request for the certificate when the
>> servers are load-balanced using DNS-SRV?
>> Do I need to get the cert for the DNS-SRV subdomain (without
>> _sip._tls) or for the servers, eg. server0{1,2,3}.pbx.example.com ?
>>
>> Thank you!
>>
>> Kevin
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20181003/1b92279b/attachment.html>
More information about the sr-users
mailing list