[Freeswitch-users] Mutual Authentication

Daniel Ivanov sertys at gmail.com
Tue Jul 16 19:43:50 MSD 2013


Yes,  i too know for a fact that certificate verification works on both fs
and css.  What kind of  certificate you're using?.maybe pass the
corresponding ca file manually on csip? It is weird though, because when i
see a certificate problem, CSS gives me serice unavailable, not timeout.
Review your configuration carefully and make sure connections are
established on correct ports and profiles.
On Jul 14, 2013 10:07 PM, "Mitch Capper" <mitch.capper at gmail.com> wrote:

> FreeSWITCH fully supports validating client certificates and obviously
> using a server certificate too.  http://wiki.freeswitch.org/wiki/SIP_TLScovers several of the settings along with:
> http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files#TLS
>
> ~mitch
>
>
> On Fri, Jul 12, 2013 at 6:57 AM, Burak BorYazılım <mburakbor at gmail.com>wrote:
>
>> thank you and sorry for my late reply.
>>
>> Yes I'm using csipsimple. And I know the settings about verify server
>> checkbox. But the problems starts here. After I checked the server verify,
>> the phone could not register to server, gets a connection timeout.
>>
>>
>> 2013/6/28 Daniel Ivanov <sertys at gmail.com>
>>
>>> It doesnt have to specifically "send" anything. It is always up to the
>>> connecting peer to do certificate verification. And if the peer is sending
>>> a client cerificate server uses it for authentication and connection key
>>> negotiation. Since you're using android and most prolly csipsimple, you
>>> have an option to verify the exact server certificate or it's certificate
>>> authority. And also use a tls password along with a client certificates.
>>> You can find the settings in the expert wizard.
>>> On Jun 27, 2013 6:06 PM, "Burak BorYazılım" <mburakbor at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I want to know that does FS support mutual authentication while using
>>>> TLS. More clearly, does FS send its certificate to client or not? FS can
>>>> verify the client but I have problems when the clients' server verification
>>>> and i thought that FS does not send some necessary files(maybe certificate
>>>> for example) for mutual authentication. I used android phones for clients.
>>>>
>>>> Thank you,
>>>> Regards...
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130716/9d45374a/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list