[Freeswitch-users] So you wanna setup your own CA for WSS/SSL/TLS?

Brian West brian at freeswitch.org
Fri Jul 25 19:12:17 MSD 2014


Someone should probably turn this into a nice how-to:

Here is how I did it.

wget http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz
tar zxfv ssl.ca-0.1.tar.gz
cd ssl.ca-0.1/
perl -i -pe 's/md5/sha1/g' *.sh
perl -i -pe 's/2048/2048/g' *.sh
./new-root-ca.sh
./new-server-cert.sh self.bkw.org
./sign-server-cert.sh self.bkw.org
cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/wss.pem

Set up Apache:

default-ssl:

SSLCertificateFile    /usr/local/freeswitch/certs/wss.pem
SSLCertificateKeyFile /usr/local/freeswitch/certs/wss.pem
SSLCertificateChainFile /usr/local/freeswitch/certs/wss.pem

Set up Sofia TLS:

cat self.bkw.org.crt self.bkw.org.key > /usr/local/freeswitch/certs/agent.pem
cat ca.crt > /usr/local/freeswitch/certs/cafile.pem

vars.xml:

<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>

Restart FreeSWITCH.

Now make sure your system has ca.crt imported so it will trust your
newfound hotness.

TEST:

openssl s_client -connect self.bkw.org:443
openssl s_client -connect self.bkw.org:8082


Depending on what you've set up you'll see:

subject=/C=US/ST=Oklahoma/L=McAlester/O=Tonka Truck/OU=Secure Web Server/CN=self.bkw.org/emailAddress=brian at bkw.org

issuer=/C=US/ST=Oklahoma/L=McAlester/O=Whizzzzzzy Bang Bang/OU=Certification Services Division/CN=WBB Root CA/emailAddress=brian at bkw.org

Or thereabouts.
-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
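
An offline sanity check for a cert+key bundle such as wss.pem or agent.pem, run before restarting FreeSWITCH. This is an added example, not part of the original post; the function names check_bundle and make_demo_pki, the demo subject names, and the policy of failing on MD5 or SHA-1 signatures are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_bundle BUNDLE CAFILE -> returns 0 only if every check passes.
check_bundle() {
    pem=$1 ca=$2 rc=0
    # 1. The certificate must chain to the CA file that clients will import.
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against $ca"; rc=1; }
    # 2. The private key in the bundle must belong to the certificate:
    #    compare the public key in the cert with the one derived from the key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null || true)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; rc=1; }
    # 3. Signature hash: MD5 and SHA-1 signed certificates fail this check.
    sig=$(openssl x509 -in "$pem" -noout -text 2>/dev/null |
          sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $sig in
        ''|*md5*|*MD5*|*sha1*|*SHA1*)
            echo "FAIL: weak signature algorithm: ${sig:-unknown}"; rc=1 ;;
    esac
    # 4. The bundle holds a private key, so it must not be world-readable.
    [ -z "$(find "$pem" -perm -004 2>/dev/null)" ] ||
        { echo "FAIL: $pem is world-readable"; rc=1; }
    return $rc
}

# Constructed sample input: a throwaway CA and server certificate written to
# directory DIR. All names here are made up for the demonstration.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 2 -in "$d/srv.csr" -set_serial 1 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -out "$d/srv.crt" 2>/dev/null
    # Same layout as wss.pem in the post: certificate first, then key.
    (umask 077; cat "$d/srv.crt" "$d/srv.key" > "$d/wss.pem")
}

# Usage: sh check_bundle.sh /path/to/bundle.pem /path/to/cafile.pem
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```
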