[Freeswitch-users] Achieving TLS + SRTP for inbound calls

Branden Jordan BJordan at E-Teleco.com
Wed May 30 03:52:35 UTC 2018


Hey David,

I did a search in the packages and found gentls_cert is put in /usr/bin by default unless you specified an argument to install FS somewhere else.

Unless you have some need to be creating your own self-signed cert, it seems like you could use Let's Encrypt (at least according to the Debian 8 install page), which may simplify some of the key management (creation/renewal) for you. I believe their simple renewal script is called certbot. You just need to wrap certbot in a bash script calling the profile rescan after the key is renewed, like Joel Serrano said.

Thanks,
Branden

From: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> On Behalf Of David P
Sent: Tuesday, May 29, 2018 11:49 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] Achieving TLS + SRTP for inbound calls

Hi Joel, please have a look at my first post yesterday in this thread in which I ask about that doc. In particular, what is {prefix} for a jessie install? And if I follow steps 1-4, how do I renew the cert later?

On Tue, 29 May 2018, 11:28 am Joel Serrano, <joel at textplus.com> wrote:
Hi David,

Have a look at: https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS

You have information on how to generate the certificates.


On Mon, May 28, 2018 at 9:46 PM, David P <davidswalkabout at gmail.com> wrote:
To be a little more specific, I think you would suggest following https://freeswitch.org/confluence/display/FREESWITCH/WebRTC#WebRTC-InstallCertificates after installing fs on jessie. However, the section there about "Install Certificates" assumes there is already a cert, key, and chain on disk that can be concatenated into a wss.pem. But it seems to me those files don't exist after installing fs on jessie; in particular, /etc/freeswitch/tls/ is empty.

On Mon, May 28, 2018 at 9:00 PM, David P <davidswalkabout at gmail.com> wrote:
Ok, Giovanni. Using your confluence page's search box (not google) for jessie yields one match:

https://freeswitch.org/confluence/display/FREESWITCH/Debian+8+Jessie

I launched a debian jessie EC2, then followed section "Installing From Debian Packages" at the link above. In particular, I followed the advice in the comment about creating a "freeswitch" folder under /etc before the apt-get to install freeswitch. There were no errors.

Now the only thing under /etc/freeswitch/ is an empty tls/ folder. Is this expected?

Next, to install a CA cert for use by verto and SIP clients, do I follow steps 1-4 at https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS ? If so, what is {prefix} for this kind of FS install?


On Mon, May 28, 2018 at 8:03 AM, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
- Trash your aws instance
- Start with a new jessie 64 server instance (jessie!!!)
- search in freeswitch.org/confluence about jessie
- follow the steps to "install freeswitch on jessie" (copy and paste)
- profit!

Do not try anything advanced until you know the basics.

-giovanni


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
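
Added example, not part of the original thread or of the FreeSWITCH documentation: a certbot deploy hook for the wrapper Branden describes, which concatenates the renewed cert, key and chain into wss.pem under /etc/freeswitch/tls/ and then calls the profile rescan. The profile name `internal`, the `freeswitch` service account and wiring it in through certbot's `--deploy-hook` are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for FreeSWITCH TLS material.
# Assumed (not from the thread): profile name, service account, hook wiring.
TLS_DIR=/etc/freeswitch/tls      # directory named in the thread
PROFILE=internal                 # assumption: Sofia profile to rescan
FS_USER=freeswitch               # assumption: account FreeSWITCH runs as

# build_pem LINEAGE_DIR OUT_FILE
# Concatenate cert, key and chain (the order the thread describes) into one
# PEM. The private key is inside, so the file stays mode 0600 and is moved
# into place atomically; a failed run never leaves a half-written file.
build_pem() {
    lineage=$1
    out=$2
    for f in cert.pem privkey.pem chain.pem; do
        if ! grep -q -- '-----BEGIN ' "$lineage/$f" 2>/dev/null; then
            echo "missing or non-PEM input: $lineage/$f" >&2
            return 1
        fi
    done
    tmp=$(mktemp "$out.XXXXXX") || return 1   # mktemp creates it mode 0600
    if cat "$lineage/cert.pem" "$lineage/privkey.pem" "$lineage/chain.pem" > "$tmp" \
        && chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy
# hooks; when it is unset, nothing below runs.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_pem "$RENEWED_LINEAGE" "$TLS_DIR/wss.pem" || exit 1
    chown "$FS_USER" "$TLS_DIR/wss.pem"
    # "profile rescan" is the reload step named in the thread.
    fs_cli -x "sofia profile $PROFILE rescan"
fi
```

Register it with `certbot renew --deploy-hook /path/to/this-script`; certbot runs deploy hooks only after a certificate was actually renewed.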
