Changes between Initial Version and Version 1 of TLS

Timestamp:

Jan 22, 2008 3:06:18 PM (16 years ago)

Author:

bennylp

Comment:

--

TLS

@@ +1 @@
+= Configuring PJSIP with TLS =
+
+
+== Creating Certificate ==
+
+ 1. Create CACert.account
+ 2. Create certificate creation request:
+    {{{
+$ cat <<< EOF > user.conf
+#
+# LocalServer.conf
+#
+
+[ req ]
+prompt = no
+distinguished_name = sip_pjsip_org
+
+[ sip_pjsip_org ]
+commonName             = sip.pjsip.org
+subjectAltName         = sip01.pjsip.org
+subjectAltName         = sip02.pjsip.org
+stateOrProvinceName    = London
+countryName            = GB
+emailAddress           = bennylp@pjsip.org
+organizationName       = PJSIP.ORG
+organizationalUnitName = Top secret research department
+EOF
+
+$ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes
+    }}}
+ 1. Copy the content of {{{user-cert_req.pem}}} to clipboard
+ 1. Go to your browser again, login to your CACert.org account
+ 1. Select from the right menu: '''Server Certificates''' --> '''New'''
+ 1. Paste the request to the text box, and click '''Submit''' button.
+ 1. Confirm the creation
+ 1. Your server certificate will be created.
+ 1. Save the server certificate to a file, say, {{{server-cert.pem}}}. 
+
+
+== Build PJSIP with TLS Support ==
+
+Add this in {{{config_site.h}}}:
+{{{
+#define PJSIP_HAS_TLS_TRANSPORT 1
+}}}
+
+== Configuring pjsua as TLS Server ==
+
+ 1. Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say '''root.pem''').
+ 1. Run pjsua:
+  {{{
+$ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem
+
+  }}}
+
+
+== Configuring Other User Agents ==
+
+=== EyeBeam ===
+
+Install CACert certificate of authority:
+
+ 1. Run Internet Explorer browser
+ 1. Open https://www.cacert.org/index.php?id=3
+ 1. Click the link in the page that says to install certificate with IE
+
+Restart EyeBeam