[Freeswitch-users] Question about Exporting the cacaert.pem for client devices
Mitch Capper
mitch.capper at gmail.com
Sat Sep 8 06:08:40 MSD 2012
Sure so the cafile.pem should only contain a "BEGIN CERTIFICATE" and
"END CERTIFICATE" block no PRIVATE KEY. You can copy this file and
most clients will expect a .crt file, you can just rename it from
cafile.pem to ca.crt. As for loading it into a specific client that
will depend on the sip client. If its a softphone it may trust any CA
installed in the windows certificate store, in which case you can
double click and open the .crt file in windows and just import it.
Otherwise search for the phone and "server certificate" or "ca
certificate" and import and it should have details.
~Mitch
On Fri, Sep 7, 2012 at 12:26 PM, Andrew Carrega <acarrega at vartel.com> wrote:
> I followed the Freeswitch wiki for enabling tls & srtp on Freeswitch. I have
> it enabled on my internal and external profiles and both profiles are
> starting up just fine.
>
> I can review my certificate details with the command:
>
> openssl x509 -noout -inform pem -text -in
> /usr/local/freeswitch/conf/ssl/agent.pem
>
>
>
> I am not at this section of the wiki where it says the clients should have
> at least the CA root certificate.
>
> Clients should all have at least the CA root certificate installed onto them
> in order to ensure security. Without enabling chain verification (that the
> server certificate was issued by the approved CA) a MITM attack is possible
> against a client. The CA certificate is the conf/ssl/cafile.pem it contains
> only a certificate and clients use it to ensure the server certificate is
> issued by the CA.
>
>
>
> Where I am stuck is understanding how to export or download the cacert.pem
> from the server? I seem to don’t understand the process or tools to use and
> I can’t seem to access /usr/local/freeswitch/conf/ssl directory or the
> /usr/local/freeswitch/conf/ssl/CA from root.
>
>
>
> Any help is appreciated.
>
>
>
>
>
>
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list