[Freeswitch-users] Using multiple SSL certificates
Nathan Neulinger
nneul at mst.edu
Tue Nov 20 23:43:25 UTC 2018
What's the general level of device support for SANs? (i.e. cert with a whole bunch of domains listed in one certificate,
like you can easily do with letsencrypt)
-- Nathan
-------- Original Message --------
From: Brian West
Sent: Tue, Nov 20, 2018 5:32 PM CST
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: [Freeswitch-users] Using multiple SSL certificates
It can really only do one certificate, most devices don't work with wildcard certs so you're SOL and we don't do SNI
that would require some work down in sofia.
On Tue, Nov 20, 2018 at 4:36 PM Kevin Olbrich <ko at sv01.de <mailto:ko at sv01.de>> wrote:
> /Point each profile to the individual directory which contains its specific agent.pem file./
For me, that sounds like "you can use different certs for external and internal". I don't think this means multiple
certs per profile.
Did you verify if your devices can use SNI? If not, this is not possible at all because the URI is sent after TLS
handshake where you already have a connection while SNI does this during handshake.
Kevin
Am Di., 20. Nov. 2018 um 22:29 Uhr schrieb Michael Avers <michael at mailworks.org <mailto:michael at mailworks.org>>:
__
Hi Brian, I found the following excerpt in Confluence's TLS page - is it no longer relevant?
/Multiple Profile TLS//
/
/If you have multiple Sofia SIP profiles, you may find yourself wanting to enable TLS support for each of the
profiles. However, each may be represented to third parties using a different DNS record. In this case, simply
create a new directory under /{prefix}/freeswitch/conf/ssl/ for each DNS record . Then place an agent.pem and
cafile.pem into each of the directories. Point each profile to the individual directory which contains its
specific agent.pem file./
Thank you,
Mike
On Tue, Nov 20, 2018, at 10:07 AM, Brian West wrote:
Not currently.
/b
On Tue, Nov 20, 2018 at 10:16 AM Michael Avers <michael at mailworks.org <mailto:michael at mailworks.org>> wrote:
Hello,
Is there a way to use more than one SSL certificate and have TLS enabled across multiple domains? Is that
something that I would need to use a separate SIP profile for?
Thank you,
Mike
_________________________________________________________________________
Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com>
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
--
Brian West | Co-founder and Developer
Need Commercial support? email sales at freeswitch.com <mailto:sales at freeswitch.com>
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
Email: brian at freeswitch.com <mailto:brian at freeswitch.com>
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
https://www.facebook.com/signalwireinc?src=email <https://www.facebook.com/freeswitch>
https://twitter.com/freeswitch <https://twitter.com/freeswitch>
___________________________________________________________________________
Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com>
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
_________________________________________________________________________
Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com>
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
_________________________________________________________________________
Professional FreeSWITCH Services
sales at freeswitch.com <mailto:sales at freeswitch.com>
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
--
Brian West | Co-founder and Developer
Need Commercial support? email sales at freeswitch.com <mailto:sales at freeswitch.com>
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
Email: brian at freeswitch.com <mailto:brian at freeswitch.com>
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
https://www.facebook.com/signalwireinc?src=email <https://www.facebook.com/freeswitch> https://twitter.com/freeswitch
<https://twitter.com/freeswitch>
_________________________________________________________________________
Professional FreeSWITCH Services
sales at freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
--
------------------------------------------------------------
Nathan Neulinger nneul at mst.edu
Missouri S&T Information Technology (573) 341-6679
System Administrator - Architect (573) 612-1412
System and Desktop Infrastructure Team Manager
More information about the FreeSWITCH-users
mailing list