Re: [SR-Users] "Create Certificates to be used with Kamailio" changes

Thu, 30 Sep 2010 08:52:30 -0700

I added note about configuring Snom phones to connect over TLS and created a section from that part: 
http://kamailio.org/dokuwiki/doku.php/tls:create-certificates#using_tls_and_the_certificates_with_sip_phones

Also, in my configs I set:

tcp_connection_lifetime=3610
Which is slightly higher than max allowed registration time. Some clients do not reconnect if tcp/tls connection is closed by server. Maybe we should add this one in the wiki as well. 

Cheers,
Daniel

On 9/30/10 5:27 PM, Juha Heinanen wrote:

now that 3.1 has async tls support, i decided (first time ever) to try
to test tls.  things went quite smoothly when i followed  "Create
Certificates to be used with Kamailio" document

http://kamailio.org/dokuwiki/doku.php/tls:create-certificates#using_the_certificates_with_tls

during the process, i fixed a typo in the doc, added two comments to cfg
part:

enable_tls=1
tcp_async=no  # do not include in 3.1
listen=udp:0.0.0.0:5060
listen=tcp:0.0.0.0:5060
listen=tls:0.0.0.0:5061  # not needed in 3.1

and fixed wrong file references in client configurations:

eyebeam: copy the CA certificate (/etc/certs/demoCA/cert.pem) to the Windows PC 
and add it to the Windows certificate store (Start→Control Panel→Internet)

QjSimple: copy the CA certificate (/etc/certs/demoCA/cert.pem) to the
client PC and configure QjSimple to use this CA (“TLS CA file” and
“verify TLS server certificate)

earlier the paths pointed to certs/sip.mydomain.com files, which i think
were wrong.  at least i was not able to get them working.

perhaps someone who is more familiar with tsl stuff could verify the
above changes.

-- juha



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla
http://www.asipto.com


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to