[Users] Re: [Devel] Please help for Building TLS in openser1.1.0-tls_src.tar.gz

Klaus Darilion klaus.mailinglists at pernau.at
Mon Jul 17 18:08:04 CEST 2006


Ferianto siregar wrote:
> Dear all,
>  
> First, my special thanks to Bogdan, who has helped me to solve my problem 
> in building my openser system, and thank you very much to all the users 
> in this forum. Thanks.
> I use openser.1.1.0-tls_src.tar.gz. I have built it as shown in the 
> installation guide from openser website. In my openser system, I plan to 
> build TLS, so I built it by using the command:
> # make TLS=1 all
> # make TLS=1 install
>  
> The installation process ran without any errors. But I have some 
> questions about the installation. They are:
> 1. How can I check the TLS in my system? I mean, how do I check whether it 
> has been built correctly or not?

If there are no error messages during building, it should be fine.
You can also use "openser -V" to see the build options:

server1:~# openser -V
version: openser 1.1.0-tls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, USE_MCAST, 
SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.


> 2. Can I test it before I configure the openser.cfg file? Or must I 
> configure it first?

You have to configure it first. But the default openser.cfg should allow 
openser to start. To test TLS you have to add some TLS configuration. 
Please read the TLS README for this purpose. And also increase the debug 
level and watch syslog messages for TLS errors during openser startup.

> 3. About the certificate: if I use the default certificate (which comes 
> in the packet), how can I configure the certificate for tls_certificate, 
> tls_private_key, and tls_ca_list? Do I need any configuration, or do I just 
> enable it (by deleting the "#" character)?

Just enable it. Just make sure that the path is correct (it should be, 
but you never know ...)

> Because, as I have seen from the messages in this forum, everybody who sent 
> their openser.cfg file uses their own certificate.

Of course, for a real production setup you will use your own 
certificates. Don't trust a demo CA. Only trust well-known CAs (VeriSign 
...) or make yourself a CA which signs the certificates.

> But, in this case, I don't have any certificates because I don't know how 
> to get them (should I buy them or not).

It depends. Currently TLS is mostly used in private environments. Here 
you won't pay for certificates as self-made certificates are adequate. 
Just google for certificate and SSL/TLS howtos. The basics are the same 
for web servers and SIP proxies.

>  
> I do hope anybody can help me. So, my problem in understanding TLS 
> system can be decreased. Please help me...Please

Read the TLS README and play around. Use ssldump to debug. Increase the 
loglevel and watch syslog error messages, ...

http://openser.org/docs/tls.html

regards
klaus


>  
> Thanks with cheers
>  
>  
>  
> Ferianto
>  
> 
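Added example, not part of the original message or of OpenSER: a small shell preflight for the two checks discussed in the reply, that `openser -V` lists USE_TLS and that the three TLS file parameters are uncommented and point at readable files. The `param = "/path"` form in openser.cfg, the script name and the private-key permission check are assumptions added here.

```shell
#!/bin/sh
# Added example (not OpenSER code): preflight checks for the TLS setup
# discussed in this thread.

# has_tls_flag: read "openser -V" output on stdin; succeed only if USE_TLS
# appears as a whole entry in the comma-separated flags list.
has_tls_flag() {
    tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'USE_TLS'
}

# cfg_path PARAM FILE: print the quoted value of an enabled (uncommented)
# parameter. Assumes the form  PARAM = "/path"  in openser.cfg.
cfg_path() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" |
        head -n 1
}

# check_tls_cfg FILE: print one line per problem, return the problem count.
check_tls_cfg() {
    problems=0
    for p in tls_certificate tls_private_key tls_ca_list; do
        f=$(cfg_path "$p" "$1")
        if [ -z "$f" ]; then
            echo "$p: not enabled (missing or still commented out)"
        elif [ ! -r "$f" ]; then
            echo "$p: $f does not exist or is not readable"
        elif [ "$p" = tls_private_key ] &&
             [ "$(ls -lL "$f" | cut -c5-10)" != "------" ]; then
            # Added hygiene check: the key should not be group/world accessible.
            echo "$p: $f is accessible to group/other, tighten its mode"
        else
            continue
        fi
        problems=$((problems + 1))
    done
    return "$problems"
}

# Usage: sh tls_preflight.sh /path/to/openser.cfg   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    if openser -V 2>&1 | has_tls_flag; then
        echo "build: USE_TLS present"
    else
        echo "build: USE_TLS missing, rebuild with TLS=1"
    fi
    check_tls_cfg "$1" && echo "cfg: TLS file parameters look sane"
fi
```

A clean preflight only shows the build flag and file paths are in place; TLS errors at startup still have to be read from syslog as described in the reply.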