[Freeswitch-users] Achieving TLS + SRTP for inbound calls

Joel Serrano joel at textplus.com
Tue May 29 19:34:12 UTC 2018


Hi David,

So it all depends.. Those docs are just introductions to get a setup "up
and running". For example, in the docs you generate self-signed
certificates that (although perfectly valid) can give you issues with
browsers because their CA is not trusted, etc. Regarding expiration, it all
depends, as this is something you choose.

Going down to your specific problems:

1- ..${prefix}.. is just a variable, that will be replaced with a value,
normally /usr/local/freeswitch, but can be anything (depending on where you
installed FS).
2- When it comes to the "path" that you specify in the config for the
certificates, it can also be anything, the important part is that you make
sure that the user you run FS with has access to reading those files. If
you don't like using ${prefix} you can directly set /path/to/your/certs,
just remember double checking the permissions.
3- When you renew your certificate, you will have to make FS aware of that,
I'd have to check but I'm pretty sure that after updating the files a sofia
profile rescan should be enough.

On Tue, May 29, 2018 at 11:48 AM, David P <davidswalkabout at gmail.com> wrote:

> Hi Joel, please have a look at my first post yesterday in this thread in
> which I ask about that doc. In particular, what is {prefix} for a jessie
> install? And if I follow steps 1-4, how do I renew the cert later?
>
> On Tue, 29 May 2018, 11:28 am Joel Serrano, <joel at textplus.com> wrote:
>
>> Hi David,
>>
>> Have a look at:
>> https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS
>>
>> You have information on how to generate the certificates..
>>
>>
>> On Mon, May 28, 2018 at 9:46 PM, David P <davidswalkabout at gmail.com>
>> wrote:
>>
>>> To be a little more specific, I think you would suggest following
>>> https://freeswitch.org/confluence/display/FREESWITCH/WebRTC#WebRTC-InstallCertificates
>>> after installing fs on jessie. However, the section
>>> there about "Install Certificates" assumes there is already a cert, key,
>>> and chain on disk that can be concatenated into a wss.pem. But it seems to
>>> me those files don't exist after installing fs on jessie; in particular,
>>> /etc/freeswitch/tls/ is empty.
>>>
>>> On Mon, May 28, 2018 at 9:00 PM, David P <davidswalkabout at gmail.com>
>>> wrote:
>>>
>>>> Ok, Giovanni. Using your confluence page's search box (not google) for
>>>> jessie yields one match:
>>>>
>>>> https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie
>>>>
>>>> I launched a debian jessie EC2, then followed section "Installing From
>>>> Debian Packages" at the link above. In particular, I followed the advice in
>>>> the comment about creating a "freeswitch" folder under /etc before the
>>>> apt-get to install freeswitch. There were no errors.
>>>>
>>>> Now the only thing under /etc/freeswitch/ is an empty tls/ folder. Is
>>>> this expected?
>>>>
>>>> Next, to install a CA cert for use by verto and SIP clients, do I
>>>> follow steps 1-4 at
>>>> https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS ? If so,
>>>> what is {prefix} for this kind of FS install?
>>>>
>>>>
>>>> On Mon, May 28, 2018 at 8:03 AM, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>>>>
>>>>> - Trash your aws instance
>>>>> - Start with a new jessie 64 server instance (jessie!!!)
>>>>> - search in freeswitch.org/confluence about jessie
>>>>> - follow the steps to "install freeswitch on jessie" (copy and paste)
>>>>> - profit!
>>>>>
>>>>> Do not try anything advanced until you know the basics.
>>>>>
>>>>> -giovanni
>>>>>
>>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>
>
>
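
As an added example (not part of the original message or the FreeSWITCH docs), a shell script for the renewal step in points 2 and 3 at the top of this message: it rebuilds the combined wss.pem from cert, key and chain in the order the thread names them and keeps the result from being world-readable. The function names, file names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, file names and the 30-day
# threshold are assumptions.

# Exit 0 if CERT expires within SECONDS, or cannot be parsed (fail safe).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Exit 0 when "other" has no read bit on FILE; the combined file holds the key.
not_world_readable() {
    [ -n "$(find "$1" -prune ! -perm -0004 -print)" ]
}

# build_pem OUT CERT KEY CHAIN: concatenate in the order the thread names
# (cert, key, chain), writing to a temp file and renaming it so a reader of
# OUT never sees a half-written file.
build_pem() {
    out=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    tmp=$(mktemp "$(dirname "$out")/.pem.XXXXXX") || return 1
    if cat "$@" > "$tmp" && chmod 640 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Usage: sh rebuild-pem.sh OUT CERT KEY CHAIN
if [ "$#" -eq 4 ]; then
    if cert_expires_within "$2" $((30 * 24 * 3600)); then
        echo "warning: $2 expires within 30 days; was it really renewed?" >&2
    fi
    build_pem "$@" && not_world_readable "$1" && echo "wrote $1"
fi
```

Mode 640 only helps if the file's owner or group is the account FreeSWITCH runs as, so set ownership to match your install after the first run.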