| 1 | = Configuring PJSIP with TLS = |
| 2 | |
| 3 | |
| 4 | == Creating Certificate == |
| 5 | |
| 6 | 1. Create CACert.account |
| 7 | 2. Create certificate creation request: |
| 8 | {{{ |
| 9 | $ cat <<< EOF > user.conf |
| 10 | # |
| 11 | # LocalServer.conf |
| 12 | # |
| 13 | |
| 14 | [ req ] |
| 15 | prompt = no |
| 16 | distinguished_name = sip_pjsip_org |
| 17 | |
| 18 | [ sip_pjsip_org ] |
| 19 | commonName = sip.pjsip.org |
| 20 | subjectAltName = sip01.pjsip.org |
| 21 | subjectAltName = sip02.pjsip.org |
| 22 | stateOrProvinceName = London |
| 23 | countryName = GB |
| 24 | emailAddress = bennylp@pjsip.org |
| 25 | organizationName = PJSIP.ORG |
| 26 | organizationalUnitName = Top secret research department |
| 27 | EOF |
| 28 | |
| 29 | $ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes |
| 30 | }}} |
| 31 | 1. Copy the content of {{{user-cert_req.pem}}} to clipboard |
| 32 | 1. Go to your browser again, login to your CACert.org account |
| 33 | 1. Select from the right menu: '''Server Certificates''' --> '''New''' |
| 34 | 1. Paste the request to the text box, and click '''Submit''' button. |
| 35 | 1. Confirm the creation |
| 36 | 1. Your server certificate will be created. |
| 37 | 1. Save the server certificate to a file, say, {{{server-cert.pem}}}. |
| 38 | |
| 39 | |
| 40 | == Build PJSIP with TLS Support == |
| 41 | |
| 42 | Add this in {{{config_site.h}}}: |
| 43 | {{{ |
| 44 | #define PJSIP_HAS_TLS_TRANSPORT 1 |
| 45 | }}} |
| 46 | |
| 47 | == Configuring pjsua as TLS Server == |
| 48 | |
| 49 | 1. Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say '''root.pem'''). |
| 50 | 1. Run pjsua: |
| 51 | {{{ |
| 52 | $ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem |
| 53 | |
| 54 | }}} |
| 55 | |
| 56 | |
| 57 | == Configuring Other User Agents == |
| 58 | |
| 59 | === EyeBeam === |
| 60 | |
| 61 | Install CACert certificate of authority: |
| 62 | |
| 63 | 1. Run Internet Explorer browser |
| 64 | 1. Open https://www.cacert.org/index.php?id=3 |
| 65 | 1. Click the link in the page that says to install certificate with IE |
| 66 | |
| 67 | Restart EyeBeam |