[Freeswitch-users] So you wanna setup your own CA for WSS/SSL/TLS?
William King
william.king at quentustech.com
Fri Jul 25 22:53:27 MSD 2014
One correction inline, and did you have any luck getting Chrome to work
with the custom CA?
William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main: (877) 211-9337
Office: (206) 388-4772
Cell: (253) 686-5518
william.king at quentustech.com
On 07/25/2014 08:12 AM, Brian West wrote:
> Someone should probably turn this into a nice how-to:
>
> Here is how I did it.
>
> wget http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz
> tar zxfv ssl.ca-0.1.tar.gz
> cd ssl.ca-0.1/
> perl -i -pe 's/md5/sha1/g' *.sh
> perl -i -pe 's/2048/2048/g' *.sh
This is a noop. I assume it was supposed to be /2048/4096/ or /1024/2048/
> ./new-root-ca.sh
> ./new-server-cert.sh self.bkw.org
> ./sign-server-cert.sh self.bkw.org
> cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/wss.pem
>
> Setup Apache:
>
> default-ssl:
>
> SSLCertificateFile /usr/local/freeswitch/certs/wss.pem
> SSLCertificateKeyFile /usr/local/freeswitch/certs/wss.pem
> SSLCertificateChainFile /usr/local/freeswitch/certs/wss.pem
>
> Setup Sofia TLS:
>
> cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/agent.pem
> cat ca.crt > /usr/local/freeswitch/certs/cafile.pem
>
> vars.xml:
>
> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
> <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
>
> Restart FreeSWITCH.
>
> Now make sure your system has ca.crt imported so it will trust your new
> found hotness.
>
> TEST:
>
> openssl s_client -connect self.bkw.org:443
> openssl s_client -connect self.bkw.org:8082
>
>
> Depending on what you've setup you'll see:
>
> subject=/C=US/ST=Oklahoma/L=McAlester/O=Tonka Truck/OU=Secure Web Server/CN=self.bkw.org/emailAddress=brian at bkw.org
>
> issuer=/C=US/ST=Oklahoma/L=McAlester/O=Whizzzzzzy Bang Bang/OU=Certification Services Division/CN=WBB Root CA/emailAddress=brian at bkw.org
>
> Or thereabouts.
>
> --
>
> Brian West
> brian at freeswitch.org
>
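Because the second perl substitution changes nothing, it is worth inspecting what the scripts actually issued before trusting it. The following is an added example, not part of the original thread or of ssl.ca-0.1: it reports the signature algorithm and key size of a cert+key bundle such as wss.pem, checks that the key belongs to the certificate, and verifies the certificate against the CA file. `make_demo_pki`, the subjects and the host name `pbx.example.test` are constructed for the demo.

```shell
#!/bin/sh
# Added example. Usage: sh check-bundle.sh cafile.pem wss.pem

# Signature algorithm of the first certificate in a PEM bundle.
bundle_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Public key size, in bits, of the first certificate in a PEM bundle.
bundle_keybits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: *(\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeeds only when the private key in the bundle belongs to its certificate.
bundle_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# bundle_chains_to CAFILE BUNDLE: succeeds when the certificate verifies against CAFILE.
bundle_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed demo PKI: throwaway root CA plus one server certificate,
# concatenated cert-then-key the same way wss.pem is built in the thread.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/cafile.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=pbx.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 1 -in "$dir/srv.csr" -CA "$dir/cafile.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/srv.crt" 2>/dev/null
    cat "$dir/srv.crt" "$dir/srv.key" > "$dir/wss.pem"
}

if [ "$#" -eq 2 ]; then
    echo "signature: $(bundle_sigalg "$2"), key: $(bundle_keybits "$2") bits"
    bundle_key_matches "$2" || echo "FAIL: key does not match certificate"
    bundle_chains_to "$1" "$2" || echo "FAIL: does not verify against $1"
fi
```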