[Freeswitch-users] TLS and SRTP commercial certs go in which file?

Shaun Stokes shaun.stokes at itec-support.co.uk
Sat Sep 16 09:03:34 UTC 2017


Hi Bipin,

We've found that these are the certs which FreeSWITCH will use, the pem file will need the public and private key (same as your wss cert). You'll also need to make sure the user for FreeSWITCH has read permission to the certs.
agent.pem
dtls-srtp.pem
tls.pem
wss.pem

FreeSWITCH doesn't seem to need the intermediary and root cert of the CA.

Here are some of the TLS parameters you might also want on your SIP profile.

Name: tls
Value: true

Name: tls-bind-params
Value: transport=tls

Name: tls-cert-dir
Value: "Your Cert Directory Path"

Name: tls-sip-port
Value: 5061

Name: tls-verify-date
Value: true

Name: tls-verify-depth
Value: 2

Name: tls-verify-policy
Value: all|subjects_all

Name: tls-version
Value: tlsv1.2


Shaun

From: FreeSWITCH-users [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Bipin Patel
Sent: 16 September 2017 06:49
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] TLS and SRTP commercial certs go in which file?

hi,

no one?

Regards,
Bipin

________________________________
-------- Original Message --------
Subject: [Freeswitch-users] TLS and SRTP commercial certs go in which file?
From: Bipin Patel <bipin at xbipin.com><mailto:bipin at xbipin.com>
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org><mailto:freeswitch-users at lists.freeswitch.org>
Date: 9/15/2017, 3:44:33 PM
hi,

when i setup verto on my server i used commercial certificates with wss.pem containing the following and all that works brilliant:
-----BEGIN CERTIFICATE-----
<lots of gibberish from the actual certificate>
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
<lots of gibberish from the actual certificate>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<lots of gibberish from the intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<even more gibberish from the root certificate>
-----END CERTIFICATE-----

now i want to use the same certificate for TLS and SRTP and i was reading the docs and it mentioned to create a agent.pem file with the actual server cert and key but where do i copy the intermediatory and root cert of the CA, which folders do both go in and with what filename?

any help is appreciated

--
Regards,
Bipin

________________________________




_________________________________________________________________________

Professional FreeSWITCH Consulting Services:

consulting at freeswitch.org<mailto:consulting at freeswitch.org>

http://www.freeswitchsolutions.com



Official FreeSWITCH Sites

http://www.freeswitch.org

http://confluence.freeswitch.org

http://www.cluecon.com



FreeSWITCH-users mailing list

FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>

http://lists.freeswitch.org/mailman/listinfo/freeswitch-users

UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users

http://www.freeswitch.org


______________________________________________________________________
This message has been checked for all known viruses by MessageLabs Virus Scanning Service.
______________________________________________________________________
[http://www.itec-support.co.uk/wp-content/uploads/2016/07/email_logo.jpg]
Shaun Stokes - Infrastructure Analyst

T :     01453 700713
E :     shaun.stokes at itec-support.co.uk
W :     www.itec-support.co.uk

Registered Address :- ITEC Support, Suite 2 Prospect House, Bath Road, Stroud, Gloucestershire GL5 3QF
Company No. 06908001

CONFIDENTIALITY NOTICE
This communication and the information it contains are intended for the person or organisation to which it is addressed. Its contents are confidential and may be protected in law. Unauthorised use, copying or disclosure of any of it may be unlawful. If you are not the intended recipient, please contact us immediately.
The contents of any attachments in this e-mail may contain software viruses, which could damage your own computer system. While ITEC Support has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checking procedure before opening any attachment.

______________________________________________________________________
This message has been checked for all known viruses by  MessageLabs Virus Scanning Service.
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170916/2c7b829b/attachment-0001.html>


More information about the FreeSWITCH-users mailing list