On 09/02/12 01:41, Daniel Pocock wrote: > > > I've been contemplating Daniel's earlier question about using the CAcert > certificates with Lumicall > > sip5060.net should already accept mutual authentication from other > Kamailio instances running with a CAcert certificate > > However, the Lumicall dialer itself will only connect to servers that > are using a cert signed by a root CA trusted within Android. This > applies to both the SIP and STUN over TLS support. >
CAcert.org now supported... Installing Lumicall does not change the trusted CAs for all apps on the phone. It only adds the CACert (class 1 root) for the SIP TLS transport within the app. This means you can use a CAcert.org cert on a Kamailio server, and Lumicall will trust it. On a side note, I've noticed that CAcert.org is allowing subjectAltName (DNSName) within the certs it issues: this is another good reason to use the CAcert.org certs, other CAs are quite awkward (or expensive) for subjectAltName, and it is really useful for running multiple/virtual hosted domains on a single SIP server. I would be interested in any feedback about this, either for the Lumicall app, or the interconnect to/from sip5060.net over TLS _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
