[Users] TLS SIP domains

Klaus Darilion klaus.mailinglists at pernau.at
Fri Mar 17 09:05:34 CET 2006


Joao Pereira wrote:
> Hello
> I'm trying to implement an OpenSER with TLS, and I think the idea is
> very good and very well explained in the manual
> (http://openser.org/docs/tls.html#AEN50).
> 
> But can the OpenSER servers negotiate the certificates in real time?

Not sure what you mean. The configuration is static and read once during 
startup. Thus, changing the TLS configuration (add CA certs, ...) 
requires a reboot of openser.

> Can this trusting scheme be dynamic?
> Or does every server need to have a list of domains?
> 
> The list of domains is supposed to be centralized, like a rootCA? Then 
> all our SIP servers must use the same rootCA?

If you want to use TLS to authenticate servers, then the verifying 
server must import the root CA which signed the peer's certificate.

regards
klaus
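
The last answer above, worked through with the openssl command line as an added example that is not part of the original message: a verifier accepts a peer only when the root CA that signed the peer's certificate is in its CA list, and a list can hold more than one root. The names ca-a, ca-b and the sip.*.example domains are constructed, and ca-list.pem stands in for the CA file a verifying server would load at startup.

```shell
#!/usr/bin/env bash
# Added example. ca-a, ca-b and the sip.*.example domains are constructed names.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the run does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {      # $1 = CA name; writes $1.key and a self-signed root $1.pem
  openssl req -x509 -config "$WORK/req.cnf" -extensions v3_ca \
    -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = signing CA, $2 = SIP domain; writes $2.pem
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

verify_peer() {  # $1 = CA list file, $2 = peer certificate; status 0 = trusted
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Two independent roots, one SIP server certificate under each.
make_ca ca-a
make_ca ca-b
issue_cert ca-a sip.a.example
issue_cert ca-b sip.b.example
# A CA list that imports both roots.
cat "$WORK/ca-a.pem" "$WORK/ca-b.pem" > "$WORK/ca-list.pem"

for ca in ca-a ca-list; do
  for peer in sip.a.example sip.b.example; do
    if verify_peer "$WORK/$ca.pem" "$WORK/$peer.pem"; then r=accepted; else r=rejected; fi
    echo "verifier trusts $ca.pem, peer $peer: $r"
  done
done
```

With only ca-a imported, the certificate for sip.b.example is rejected; with both roots in the list, both peers verify.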



