[Freeswitch-users] Using multiple SSL certificates

Kevin Olbrich ko at sv01.de
Tue Nov 20 20:53:27 UTC 2018


Hi!

SNI (Server Name Indication), part of TLS, could do this, but I would not bet
that phones actually send this.
If you are able to host on different IPs, it would work with internal +
external profiles:

  <!--
      SIP and TLS settings.
  -->
  <X-PRE-PROCESS cmd="set" data="sip_tls_version=sslv23"/>

  <!-- Internal SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
  <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>

  <!-- External SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
  <X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
  <X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>


At least for 1.6.x I am not aware of multi cert for the same profile; docs for
1.8.x are limited (as the user does not know what he does not know ;-) )
Maybe nginx can also solve this as a transparent proxy. I did something
like this using Kamailio for a large cluster setup.

Kevin

On Tue, Nov 20, 2018 at 18:30, Michael Avers <
michael at mailworks.org> wrote:

> Hello,
>
> Is there a way to use more than one SSL certificate and have TLS enabled
> across multiple domains? Is that something that I would need to use a
> separate SIP profile for?
>
> Thank you,
> Mike