Changes between Initial Version and Version 1 of TLS


Ignore:
Timestamp:
Jan 22, 2008 3:06:18 PM (13 years ago)
Author:
bennylp
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TLS

    v1 v1  
     1= Configuring PJSIP with TLS = 
     2 
     3 
     4== Creating Certificate == 
     5 
     6 1. Create CACert.account 
     7 2. Create certificate creation request: 
     8    {{{ 
     9$ cat <<< EOF > user.conf 
     10# 
     11# LocalServer.conf 
     12# 
     13 
     14[ req ] 
     15prompt = no 
     16distinguished_name = sip_pjsip_org 
     17 
     18[ sip_pjsip_org ] 
     19commonName             = sip.pjsip.org 
     20subjectAltName         = sip01.pjsip.org 
     21subjectAltName         = sip02.pjsip.org 
     22stateOrProvinceName    = London 
     23countryName            = GB 
     24emailAddress           = bennylp@pjsip.org 
     25organizationName       = PJSIP.ORG 
     26organizationalUnitName = Top secret research department 
     27EOF 
     28 
     29$ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes 
     30    }}} 
     31 1. Copy the content of {{{user-cert_req.pem}}} to clipboard 
     32 1. Go to your browser again, login to your CACert.org account 
     33 1. Select from the right menu: '''Server Certificates''' --> '''New''' 
     34 1. Paste the request to the text box, and click '''Submit''' button. 
     35 1. Confirm the creation 
     36 1. Your server certificate will be created. 
     37 1. Save the server certificate to a file, say, {{{server-cert.pem}}}.  
     38 
     39 
     40== Build PJSIP with TLS Support == 
     41 
     42Add this in {{{config_site.h}}}: 
     43{{{ 
     44#define PJSIP_HAS_TLS_TRANSPORT 1 
     45}}} 
     46 
     47== Configuring pjsua as TLS Server == 
     48 
     49 1. Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say '''root.pem'''). 
     50 1. Run pjsua: 
     51  {{{ 
     52$ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem 
     53 
     54  }}} 
     55 
     56 
     57== Configuring Other User Agents == 
     58 
     59=== EyeBeam === 
     60 
     61Install CACert certificate of authority: 
     62 
     63 1. Run Internet Explorer browser 
     64 1. Open https://www.cacert.org/index.php?id=3 
     65 1. Click the link in the page that says to install certificate with IE 
     66 
     67Restart EyeBeam