[Freeswitch-users] TLS setup

Ramesh Kandasamy ramelcom at gmail.com
Wed Jun 24 17:23:20 UTC 2020


Thanks Nathan.

I am using FS 1.8.5. I used server cert (with chain) and private key in
agent.pem and root CA certs in cacert.pem and cafile.pem.
Is root CA not needed here? I have configured the root CA cert @ the SIP
B2BUA am using.
I am new to TLS so please bear with me if these are basic questions.

Thanks
Ramesh

On Tue, Jun 23, 2020 at 9:58 AM Ramesh Kandasamy <ramelcom at gmail.com> wrote:

> Thanks Nathan.
>
> I am using FS 1.8.5. I used server cert (with chain) and private key in
> agent.pem and root CA certs in cacert.pem and cafile.pem.
> Is root CA not needed here? I have configured the root CA cert @ the SIP
> B2BUA am using.
> I am new to TLS so please bear with me if these are basic questions.
>
> Thanks
> Ramesh
>
> On Tue, Jun 23, 2020 at 6:43 AM Nathan Stratton <nathan at robotics.net>
> wrote:
>
>> Sure, I am using 3rd party cert from comodo. I just did the following:
>>
>> cat {privatekey} > tls.pem
>> cat {cert} >> tls.pem
>> cat {chain} >> tls.pem
>>
>> Make sure that in your sip_profiles that use TLS that you have
>> tls-cert-dir pointing to your tls.pem directory.
>>
>> BTW, the same works for wss.pem
>>
>> ><>
>> nathan stratton
>>
>>
>> On Mon, Jun 22, 2020 at 10:56 PM ramelcom <ramelcom at gmail.com> wrote:
>>
>>> Hi,
>>> I am trying to setup TLS in FreeSWITCH. In my usecase, FS acts as a
>>> server
>>> and another SIP B2BUA acts as the client. I was able to successfully
>>> setup
>>> the TLS if I generate the certificates at FS and configure with those.
>>> However, if I want to use server certificate generated and signed by 3rd
>>> party, it doesn't work. I added server certificate as agent.pem and root
>>> CA
>>> as cacert.pem and cafile.pem. Also, I am configuring the root CA at SIP
>>> B2BUA side. When SIP B2BUA sends Client Hello, FS rejects with 'Handshake
>>> failed' error.
>>> Can you please help on this?
>>>
>>> Thanks
>>> Ramesh
>>>
>>>
>>>
>>> --
>>> Sent from: http://freeswitch-users.2379917.n2.nabble.com/
>>>
>>> _________________________________________________________________________
>>>
>>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>> services.
>>> Build your next product on our scalable cloud platform.
>>>
>>> Join our online community to chat in real time
>>> https://signalwire.community
>>>
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>> _________________________________________________________________________
>>
>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>> services.
>> Build your next product on our scalable cloud platform.
>>
>> Join our online community to chat in real time
>> https://signalwire.community
>>
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20200624/819c683b/attachment.html>


More information about the FreeSWITCH-users mailing list