<html>
<head>
<style>
<!--
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:"Calibri Light"}
@font-face
        {font-family:Calibri}
@font-face
        {font-family:"Trebuchet MS"}
@font-face
        {font-family:Consolas}
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black}
h1
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:14.5pt;
        font-family:"Trebuchet MS",sans-serif;
        color:black}
h2
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:13.0pt;
        font-family:"Trebuchet MS",sans-serif;
        color:black}
h3
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:13.0pt;
        font-family:"Trebuchet MS",sans-serif;
        color:black}
a:link, span.MsoHyperlink
        {color:#2A5685;
        text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
        {color:#2A5685;
        text-decoration:underline}
pre
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black}
span.Heading1Char
        {font-family:"Calibri Light",sans-serif;
        color:#2E74B5}
span.Heading2Char
        {font-family:"Calibri Light",sans-serif;
        color:#2E74B5}
span.Heading3Char
        {font-family:"Calibri Light",sans-serif;
        color:#1F4D78}
span.HTMLPreformattedChar
        {font-family:Consolas;
        color:black}
p.footr, li.footr, div.footr
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Trebuchet MS",sans-serif;
        color:black}
span.EmailStyle23
        {font-family:"Calibri",sans-serif;
        color:#1F497D}
span.EmailStyle24
        {font-family:"Calibri",sans-serif;
        color:#1F497D}
.MsoChpDefault
        {font-size:10.0pt}
@page WordSection1
        {margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.WordSection1
        {}
-->
</style>


</head>
<body>
<div style="color: black;">
<div style="color: black;">
<p style="margin: 0 0 1em 0; color: black;">Hi,</p>
<p style="margin: 0 0 1em 0; color: black;">Thanks for that info so if I
understood it right the agent.pem file will have my cert and key inside it
only and no intermediary or root ca cert is required at all, but what goes
in the tls.pem file?</p>
</div>
<div style="color: black;">
<p
style="color: black; font-size: 10pt; font-family: Arial, sans-serif; margin: 10pt 0;">On
September 17, 2017 5:45:28 AM Shaun Stokes
<shaun.stokes@itec-support.co.uk> wrote:</p>
<blockquote type="cite" class="gmail_quote"
style="margin: 0 0 0 0.75ex; border-left: 1px solid #808080; padding-left: 0.75ex;">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Hi
Bipin,</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">We've
found that these are the certs which FreeSWITCH will use, the pem file will
need the public and private key (same as your wss cert). You'll also need
 to make sure the user for FreeSWITCH has read permission to the
certs.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">agent.pem</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">dtls-srtp.pem</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">tls.pem</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">wss.pem</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">FreeSWITCH
doesn't seem to need the intermediary and root cert of the CA.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Here
are some of the TLS parameters you might also want on your SIP
profile.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
true</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-bind-params</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
transport=tls</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-cert-dir</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
"Your Cert Directory Path"</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-sip-port</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
5061</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-verify-date</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
true</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-verify-depth</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
2</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-verify-policy</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
all|subjects_all</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Name:
tls-version</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Value:
tlsv1.2</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D">Shaun</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<div>
<div
style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US"
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:windowtext">From:</span></b><span
lang="EN-US"
style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:windowtext">
FreeSWITCH-users [<a
href="mailto:freeswitch-users-bounces@lists.freeswitch.org">mailto:freeswitch-users-bounces@lists.freeswitch.org</a>]
<b>On Behalf Of </b>Bipin Patel<br>
<b>Sent:</b> 16 September 2017 06:49<br>
<b>To:</b> FreeSWITCH Users Help <<a
href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>><br>
<b>Subject:</b> Re: [Freeswitch-users] TLS and SRTP commercial certs go in
which file?</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:10.0pt; font-family:"Arial",sans-serif">hi,<br>
<br>
no one?</span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Regards,<br>
Bipin</p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="1" width="100%" align="center">
</div>
</div>
<div>
<p class="MsoNormal">-------- Original Message --------<br>
Subject: [Freeswitch-users] TLS and SRTP commercial certs go in which file?<br>
From: Bipin Patel <a
href="mailto:bipin@xbipin.com"><bipin@xbipin.com></a><br>
To: FreeSWITCH Users Help <a
href="mailto:freeswitch-users@lists.freeswitch.org">
<freeswitch-users@lists.freeswitch.org></a><br>
Date: 9/15/2017, 3:44:33 PM</p>
</div>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:10.0pt; font-family:"Arial",sans-serif">hi,<br>
<br>
when i setup verto on my server i used commercial certificates with wss.pem
containing the following and all that works brilliant:<br>
-----BEGIN CERTIFICATE-----<br>
<lots of gibberish from the actual certificate><br>
-----END CERTIFICATE-----<br>
-----BEGIN RSA PRIVATE KEY-----<br>
<lots of gibberish from the actual certificate><br>
-----END RSA PRIVATE KEY-----<br>
-----BEGIN CERTIFICATE-----<br>
<lots of gibberish from the intermediate certificate><br>
-----END CERTIFICATE-----<br>
-----BEGIN CERTIFICATE-----<br>
<even more gibberish from the root certificate><br>
-----END CERTIFICATE-----<br>
<br>
now i want to use the same certificate for TLS and SRTP and i was reading
the docs and it mentioned to create a agent.pem file with the actual server
cert and key but where do i copy the intermediatory and root cert of the
CA, which folders do both go in and
 with what filename?<br>
<br>
any help is appreciated</span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">-- <br>
Regards,<br>
Bipin</p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="1" width="100%" align="center">
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
</p>
<pre>_________________________________________________________________________</pre>
<pre>Professional FreeSWITCH Consulting Services:</pre>
<pre><a
href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></pre>
<pre><a
href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></pre>
<pre> </pre>
<pre>Official FreeSWITCH Sites</pre>
<pre><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
<pre><a
href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></pre>
<pre><a href="http://www.cluecon.com">http://www.cluecon.com</a></pre>
<pre> </pre>
<pre>FreeSWITCH-users mailing list</pre>
<pre><a
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></pre>
<pre><a
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></pre>
<pre>UNSUBSCRIBE:<a
href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a></pre>
<pre><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
______________________________________________________________________<br>
This message has been checked for all known viruses by MessageLabs Virus
Scanning Service.<br>
______________________________________________________________________</p>
</div>
<table>
<tbody>
<tr>
<td><img
src="http://www.itec-support.co.uk/wp-content/uploads/2016/07/email_logo.jpg"></td>
<td valign="top">
<div><a style="font-family:calibri; color:#1B3E94; font-size:11pt">Shaun
Stokes - Infrastructure Analyst</a></div>
<div>
<table>
<tbody>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td><a style="font-family:calibri; color:#1B3E94; font-size:11pt">T : </a></td>
<td><a style="font-family:calibri; color:#1B3E94; font-size:11pt">01453
700713</a></td>
</tr>
<tr>
<td><a style="font-family:calibri; color:#1B3E94; font-size:11pt">E : </a></td>
<td><a
style="font-family:calibri; color:#1B3E94; font-size:11pt">shaun.stokes@itec-support.co.uk</a></td>
</tr>
<tr>
<td><a style="font-family:calibri; color:#1B3E94; font-size:11pt">W : </a></td>
<td><a
style="font-family:calibri; color:#1B3E94; font-size:11pt">www.itec-support.co.uk</a></td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
<div><a
style="font-family:calibri; color:#1B3E94; font-size:11pt">Registered
Address :- ITEC Support, Suite 2 Prospect House, Bath Road, Stroud,
Gloucestershire GL5 3QF</a>
<br>
<a style="font-family:calibri; color:#1B3E94; font-size:11pt">Company No.
06908001</a>
</div>
<div><br>
<a style="font-family:calibri; color:Grey; font-size:11pt">CONFIDENTIALITY
NOTICE</a>
<br>
<a style="font-family:calibri; color:Grey; font-size:11pt">This
communication and the information it contains are intended for the person
or organisation to which it is addressed. Its contents are confidential and
may be protected in law. Unauthorised use,
 copying or disclosure of any of it may be unlawful. If you are not the
intended recipient, please contact us immediately.</a>
<br>
<a style="font-family:calibri; color:Grey; font-size:11pt">The contents of
any attachments in this e-mail may contain software viruses, which could
damage your own computer system. While ITEC Support has taken every
reasonable precaution to minimise this risk,
 we cannot accept liability for any damage which you sustain as a result of
software viruses. You should carry out your own virus checking procedure
before opening any attachment.</a>
</div>
<br clear="both">
______________________________________________________________________<BR>
This message has been checked for all known viruses by  MessageLabs Virus
Scanning Service.<BR>
______________________________________________________________________<BR>

_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a class="aqm-autolink aqm-autowrap"
href="mailto:consulting%40freeswitch.org">consulting@freeswitch.org</a><br>
<a class="aqm-autolink aqm-autowrap"
href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a class="aqm-autolink aqm-autowrap"
href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
<a class="aqm-autolink aqm-autowrap"
href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a><br>
<a class="aqm-autolink aqm-autowrap"
href="http://www.cluecon.com">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a class="aqm-autolink aqm-autowrap"
href="mailto:FreeSWITCH-users%40lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a class="aqm-autolink aqm-autowrap"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a class="aqm-autolink aqm-autowrap"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a class="aqm-autolink aqm-autowrap"
href="http://www.freeswitch.org">http://www.freeswitch.org</a></blockquote>
</div>
</div>
</body>
</html>