[Freeswitch-users] Question about Exporting the cacaert.pem for client devices

Andrew Carrega acarrega at vartel.com
Fri Sep 7 23:26:47 MSD 2012


I followed the Freeswitch wiki for enabling tls & srtp on Freeswitch. I have it enabled on my internal and external profiles and both profiles are starting up just fine.
I can review my certificate details with the command:
openssl x509 -noout -inform pem -text -in /usr/local/freeswitch/conf/ssl/agent.pem

I am not at this section of the wiki where it says the clients should have at least the CA root certificate.
Clients should all have at least the CA root certificate installed onto them in order to ensure security. Without enabling chain verification (that the server certificate was issued by the approved CA) a MITM attack is possible against a client. The CA certificate is the conf/ssl/cafile.pem it contains only a certificate and clients use it to ensure the server certificate is issued by the CA.

Where I am stuck is understanding how to export or download the cacert.pem from the server? I seem to don't understand the process or tools to use and I can't seem to access /usr/local/freeswitch/conf/ssl  directory or the /usr/local/freeswitch/conf/ssl/CA from root.

Any help is appreciated.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120907/3bc1d988/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list