[Freeswitch-users] Using multiple SSL certificates

Andrew Cassidy andrew at cassidywebservices.co.uk
Wed Nov 21 07:03:35 UTC 2018


I asked the same question not long ago. I am using a SAN certificate to
achieve the desired result.

On Wed, 21 Nov 2018, 00:20 Brian West, <brian at freeswitch.com> wrote:

> It can really only do one certificate, most devices don't work with
> wildcard certs so you're SOL and we don't do SNI that would require some
> work down in sofia.
>
> On Tue, Nov 20, 2018 at 4:36 PM Kevin Olbrich <ko at sv01.de> wrote:
>
>> > *Point each profile to the individual directory which contains its
>> specific agent.pem file.*
>>
>> For me, that sounds like "you can use different certs for external and
>> internal". I don't think this means multiple certs per profile.
>>
>> Did you verify if your devices can use SNI? If not, this is not possible
>> at all because the URI is sent after TLS handshake where you already have a
>> connection while SNI does this during handshake.
>>
>> Kevin
>>
>> Am Di., 20. Nov. 2018 um 22:29 Uhr schrieb Michael Avers <
>> michael at mailworks.org>:
>>
>>> Hi Brian, I found the following excerpt in Confluence's TLS page - is it
>>> no longer relevant?
>>> *Multiple Profile TLS*
>>>
>>> *If you have multiple Sofia SIP profiles, you may find yourself wanting
>>> to enable TLS support for each of the profiles. However, each may be
>>> represented to third parties using a different DNS record. In this case,
>>> simply create a new directory under /{prefix}/freeswitch/conf/ssl/ for each
>>> DNS record . Then place an agent.pem and cafile.pem into each of the
>>> directories. Point each profile to the individual directory which contains
>>> its specific agent.pem file.*
>>>
>>> Thank you,
>>> Mike
>>>
>>>
>>>
>>> On Tue, Nov 20, 2018, at 10:07 AM, Brian West wrote:
>>>
>>> Not currently.
>>> /b
>>>
>>>
>>> On Tue, Nov 20, 2018 at 10:16 AM Michael Avers <michael at mailworks.org>
>>> wrote:
>>>
>>> Hello,
>>>
>>> Is there a way to use more than one SSL certificate and have TLS enabled
>>> across multiple domains? Is that something that I would need to use a
>>> separate SIP profile for?
>>>
>>> Thank you,
>>> Mike
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>>
>>>
>>>
>>> --
>>>
>>> Brian West | Co-founder and Developer
>>>
>>> Need Commercial support? email sales at freeswitch.com
>>>
>>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>
>>> Email: brian at freeswitch.com
>>>
>>> Mobile: 918-424-9378
>>>
>>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>>
>>> [image: https://www.facebook.com/signalwireinc?src=email]
>>> <https://www.facebook.com/freeswitch> [image:
>>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>>
>>> *_________________________________________________________________________*
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
>
>
> --
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch> [image:
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20181121/7ff23c33/attachment-0001.html>


More information about the FreeSWITCH-users mailing list