Changes between Version 4 and Version 5 of TLS


Ignore:
Timestamp:
Jan 22, 2008 4:52:16 PM (17 years ago)
Author:
bennylp
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TLS

    v4 v5  
    11= Configuring PJSIP with TLS = 
    2  
    3  
    4 == Creating Certificate == 
    5  
    6  1. Create CACert.account 
    7  2. Create certificate creation request: 
    8     {{{ 
    9 $ cat <<< EOF > user.conf 
    10 # 
    11 # LocalServer.conf 
    12 # 
    13  
    14 [ req ] 
    15 prompt = no 
    16 distinguished_name = your_distinguished_name 
    17  
    18 [ your_distinguished_name ] 
    19 commonName             = sip.pjsip.org 
    20 subjectAltName         = sip.pjsip.org 
    21 stateOrProvinceName    = London 
    22 countryName            = GB 
    23 emailAddress           = bennylp@pjsip.org 
    24 organizationName       = PJSIP.ORG 
    25 organizationalUnitName = Top secret research department 
    26 EOF 
    27  
    28 $ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes 
    29     }}} 
    30  1. Copy the content of {{{user-cert_req.pem}}} to clipboard 
    31  1. Go to your browser again, login to your CACert.org account 
    32  1. Select from the right menu: '''Server Certificates''' --> '''New''' 
    33  1. Paste the request to the text box, and click '''Submit''' button. 
    34  1. Confirm the creation 
    35  1. Your server certificate will be created. 
    36  1. Save the server certificate to a file, say, {{{server-cert.pem}}}.  
    37  
    382 
    393== Build PJSIP with TLS Support == 
     
    448}}} 
    459 
     10And rebuild PJSIP. 
     11 
    4612== Running pjsua as TLS Server == 
    4713 
    48  1. Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say '''root.pem'''). 
    4914 1. Run pjsua: 
    5015  {{{ 
    51 $ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem --tls-privkey-file user-privkey.pem 
     16$ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem --tls-privkey-file privkey.pem 
    5217 
    5318  }}} 
     
    7338 
    7439Restart !EyeBeam 
     40 
     41Notes: 
     42 1. !EyeBeam verifies the server name against commonName field of the certificate, so make sure commonName matches the hostname being contacted by !EyeBeam