Changes between Version 4 and Version 5 of TLS

Timestamp:

Jan 22, 2008 4:52:16 PM (16 years ago)

Author:

bennylp

Comment:

--

TLS

@@ -1 +1 @@
 = Configuring PJSIP with TLS =
-
-
-== Creating Certificate ==
-
- 1. Create CACert.account
- 2. Create certificate creation request:
-    {{{
-$ cat <<< EOF > user.conf
-#
-# LocalServer.conf
-#
-
-[ req ]
-prompt = no
-distinguished_name = your_distinguished_name
-
-[ your_distinguished_name ]
-commonName             = sip.pjsip.org
-subjectAltName         = sip.pjsip.org
-stateOrProvinceName    = London
-countryName            = GB
-emailAddress           = bennylp@pjsip.org
-organizationName       = PJSIP.ORG
-organizationalUnitName = Top secret research department
-EOF
-
-$ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes
-    }}}
- 1. Copy the content of {{{user-cert_req.pem}}} to clipboard
- 1. Go to your browser again, login to your CACert.org account
- 1. Select from the right menu: '''Server Certificates''' --> '''New'''
- 1. Paste the request to the text box, and click '''Submit''' button.
- 1. Confirm the creation
- 1. Your server certificate will be created.
- 1. Save the server certificate to a file, say, {{{server-cert.pem}}}. 
-
 
 == Build PJSIP with TLS Support ==
@@ -44 +8 @@
 }}}
 
+And rebuild PJSIP.
+
 == Running pjsua as TLS Server ==
 
- 1. Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say '''root.pem''').
  1. Run pjsua:
   {{{
-$ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem --tls-privkey-file user-privkey.pem
+$ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem --tls-privkey-file privkey.pem
 
   }}}
@@ -73 +38 @@
 
 Restart !EyeBeam
+
+Notes:
+ 1. !EyeBeam verifies the server name against commonName field of the certificate, so make sure commonName matches the hostname being contacted by !EyeBeam