[Freeswitch-users] TLS setup
Ramesh Kandasamy
ramelcom at gmail.com
Tue Jun 23 15:58:30 UTC 2020
Thanks Nathan.
I am using FS 1.8.5. I used server cert (with chain) and private key in
agent.pem and root CA certs in cacert.pem and cafile.pem.
Is root CA not needed here? I have configured the root CA cert @ the SIP
B2BUA am using.
I am new to TLS so please bear with me if these are basic questions.
Thanks
Ramesh
On Tue, Jun 23, 2020 at 6:43 AM Nathan Stratton <nathan at robotics.net> wrote:
> Sure, I am using 3rd party cert from comodo. I just did the following:
>
> cat {privatekey} > tls.pem
> cat {cert} >> tls.pem
> cat {chain} >> tls.pem
>
> Make sure that in your sip_profiles that use TLS that you have
> tls-cert-dir pointing to your tls.pem directory.
>
> BTW, the same works for wss.pem
>
> ><>
> nathan stratton
>
>
> On Mon, Jun 22, 2020 at 10:56 PM ramelcom <ramelcom at gmail.com> wrote:
>
>> Hi,
>> I am trying to setup TLS in FreeSWITCH. In my usecase, FS acts as a server
>> and another SIP B2BUA acts as the client. I was able to successfully setup
>> the TLS if I generate the certificates at FS and configure with those.
>> However, if I want to use server certificate generated and signed by 3rd
>> party, it doesn't work. I added server certificate as agent.pem and root
>> CA
>> as cacert.pem and cafile.pem. Also, I am configuring the root CA at SIP
>> B2BUA side. When SIP B2BUA sends Client Hello, FS rejects with 'Handshake
>> failed' error.
>> Can you please help on this?
>>
>> Thanks
>> Ramesh
>>
>>
>>
>> --
>> Sent from: http://freeswitch-users.2379917.n2.nabble.com/
>>
>> _________________________________________________________________________
>>
>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>> services.
>> Build your next product on our scalable cloud platform.
>>
>> Join our online community to chat in real time
>> https://signalwire.community
>>
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20200623/4f9d7baf/attachment.html>
More information about the FreeSWITCH-users
mailing list