[Freeswitch-users] How to generate client certificates using commercial certificate?
Mitch Capper
mitch.capper at gmail.com
Sun Jan 4 03:43:32 MSK 2015
They would have to appoint your cert as a CA(certificate authority) for you
to be able to use it to issue client certificates. The best option is to
use your own CA and just install your CA cert onto the devices (as you
would already be installing client certs on devices this shouldn't be too
hard).
~Mitch
On Sat, Jan 3, 2015 at 4:18 PM, Rajil Saraswat <rajil.s at gmail.com> wrote:
> Hello,
>
> I would like to use a commercial certificate to generate client
> certificates for my TLS sip clients. I have received the following
> files for my server from PositiveSSL
>
> Root CA Certificate - AddTrustExternalCARoot.crt
> Intermediate CA Certificate - COMODORSAAddTrustCA.crt
> Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
> Your PositiveSSL Certificate - myserver_dyndns_org.crt
>
>
> I did the following to create the files in freeswitch/conf/ssl
>
> a) cat myserver.key myserver_dyndns_org.crt>agent.pem
> b) cat COMODORSADomainValidationSecureServerCA.crt
> COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > cafile.pem
>
>
> Testing the server works:
> openssl s_client -showcerts -connect myserver.dyndns.org:5061
>
> *****SNIP****
> Server certificate
> subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=myserver.dyndns.org
> issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
> Limited/CN=COMODO RSA Domain Validation Secure Server CA
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 6108 bytes and written 442 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> *****SNIP******
>
> How do i create the certificates for the clients now?
>
> Thanks
> Rajil
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150103/e4ab4790/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list