Hello,
you can set the ca_list file with those ca certificates you want to accept:
http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list
Alternatively, you accept all certificates and then use pv conditions to
see and restrict the access based on who signed/emitted the client
certificate.
Cheers,
Daniel
On 5/27/13 10:59 PM, Moacir Ferreira wrote:
Thanks for the clarifications.
Now, when we ask the client to have a certificate, where do we control
what client certificates will be accepted?
I.e.: I don't want any valid certificate to authenticate but only those
ones I accept as valid.
Moacir
> Date: Thu, 23 May 2013 10:34:09 +0200
> From: klaus.mailingli...@pernau.at
> To: mico...@gmail.com; sr-users@lists.sip-router.org
> Subject: Re: [SR-Users] TLS
>
>
>
> On 22.05.2013 11:19, Daniel-Constantin Mierla wrote:
> >>>
> >>> - Finally, do you know any free softphone that implements mutual TLS
> >>> authentication?
> >>
> >> I am not aware of any.
> >
> > Like the softphone authenticating the server based on server certificate?
>
> MTLS just means, that the TLS server requires a certificate from the TLS
> client. Thus, between SIP clients and SIP server this merely means that
> not only the client authenticates the proxy, but the proxy also
> authenticates the client based on the client's TLS certificate.
>
> Nice that Jitsi supports it - although I failed to configure Jitsi :-)
> If someone fails configuring TLS for Jitsi, see this howto:
>
> http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi
>
> I just found out that my QjSimple [1] also supports client certificates :-)
>
>
> regards
> Klaus
>
> [1] http://www.ipcom.at/en/telephony/qjsimple/
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
* http://asipto.com/u/katu *
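
The two approaches from the reply at the top of this thread, as an added configuration sketch that is not part of the original messages. The file paths and the CA name "Example Client CA" are constructed placeholders, and TLS listening is assumed to be set up already.

```cfg
# --- tls.cfg: option 1, trust only the CAs listed in ca_list ---
# All file paths below are assumed placeholders.
[server:default]
# Verify the client certificate chain and refuse clients that send none.
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/tls/server-key.pem
certificate = /etc/kamailio/tls/server-cert.pem
# PEM bundle containing only the CA certificates whose clients are accepted.
ca_list = /etc/kamailio/tls/accepted-client-cas.pem

# --- kamailio.cfg: option 2, narrow the accepted signers in the script ---
loadmodule "sl.so"
loadmodule "xlog.so"
loadmodule "tls.so"
modparam("tls", "config", "/etc/kamailio/tls.cfg")

request_route {
    if (proto == TLS) {
        # $tls_peer_verified is 1 only when the peer certificate verified.
        if ($tls_peer_verified != 1) {
            xlog("L_WARN", "rejecting $si: client certificate not verified\n");
            sl_send_reply("403", "Client certificate not verified");
            exit;
        }
        # Accept only certificates signed by the expected issuer.
        # "Example Client CA" is a constructed value, not from the thread.
        if ($tls_peer_issuer_cn != "Example Client CA") {
            xlog("L_WARN", "rejecting $si: issuer '$tls_peer_issuer_cn'\n");
            sl_send_reply("403", "Client certificate issuer not accepted");
            exit;
        }
    }
    # Normal request handling continues here.
}
```

The issuer check is a name comparison, so it identifies the signer only when the chain has been verified against CA certificates you trust.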