[Freeswitch-users] How to generate client certificates using commercial certificate?

Luis Daniel Lucio Quiroz luis.daniel.lucio at gmail.com
Sun Jan 4 04:18:08 MSK 2015


Sorry I misread, i though you wantedto create your own certs using one
from Comodo.
Luis Daniel Lucio Quiroz
CISSP, CISM, CISA
Linux, VoIP and much more fun
www.okay.com.mx

Need LCR? Check out LCR for FusionPBX with FreeSWITCH
Need Billing? Check out Billing for FusionPBX with FreeSWITCH


2015-01-03 20:16 GMT-05:00 Luis Daniel Lucio Quiroz
<luis.daniel.lucio at gmail.com>:
> You cant, this topic is out of voip scope.
>
> Ask in openssl ML, but in short terms you cant do what you want.
> Luis Daniel Lucio Quiroz
> CISSP, CISM, CISA
> Linux, VoIP and much more fun
> www.okay.com.mx
>
> Need LCR? Check out LCR for FusionPBX with FreeSWITCH
> Need Billing? Check out Billing for FusionPBX with FreeSWITCH
>
>
> 2015-01-03 19:43 GMT-05:00 Mitch Capper <mitch.capper at gmail.com>:
>> They would have to appoint your cert as a CA(certificate authority) for you
>> to be able to use it to issue client certificates.  The best option is to
>> use your own CA and just install your CA cert onto the devices (as you would
>> already be installing client certs on devices this shouldn't be too hard).
>>
>> ~Mitch
>>
>> On Sat, Jan 3, 2015 at 4:18 PM, Rajil Saraswat <rajil.s at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> I would like to use a commercial certificate to generate client
>>> certificates for my TLS sip clients. I have received the following
>>> files for my server from PositiveSSL
>>>
>>> Root CA Certificate - AddTrustExternalCARoot.crt
>>> Intermediate CA Certificate - COMODORSAAddTrustCA.crt
>>> Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
>>> Your PositiveSSL Certificate - myserver_dyndns_org.crt
>>>
>>>
>>> I did the following to create the files in freeswitch/conf/ssl
>>>
>>> a) cat myserver.key myserver_dyndns_org.crt>agent.pem
>>> b) cat COMODORSADomainValidationSecureServerCA.crt
>>> COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > cafile.pem
>>>
>>>
>>> Testing the server works:
>>> openssl s_client -showcerts -connect myserver.dyndns.org:5061
>>>
>>> *****SNIP****
>>> Server certificate
>>> subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=myserver.dyndns.org
>>> issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
>>> Limited/CN=COMODO RSA Domain Validation Secure Server CA
>>> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 6108 bytes and written 442 bytes
>>> ---
>>> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
>>> Server public key is 2048 bit
>>> Secure Renegotiation IS supported
>>> *****SNIP******
>>>
>>> How do i create the certificates for the clients now?
>>>
>>> Thanks
>>> Rajil
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org



Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list