Version 2 (modified by bennylp, 17 years ago) (diff)


Configuring PJSIP with TLS

Creating Certificate

  1. Create CACert.account
  2. Create certificate creation request:
    $ cat <<< EOF > user.conf
    # LocalServer.conf
    [ req ]
    prompt = no
    distinguished_name = sip_pjsip_org
    [ sip_pjsip_org ]
    commonName             =
    subjectAltName	       =
    subjectAltName	       =
    stateOrProvinceName    = London
    countryName            = GB
    emailAddress           =
    organizationName       = PJSIP.ORG
    organizationalUnitName = Top secret research department
    $ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes
  3. Copy the content of user-cert_req.pem to clipboard
  4. Go to your browser again, login to your account
  5. Select from the right menu: Server Certificates --> New
  6. Paste the request to the text box, and click Submit button.
  7. Confirm the creation
  8. Your server certificate will be created.
  9. Save the server certificate to a file, say, server-cert.pem.

Build PJSIP with TLS Support

Add this in config_site.h:


Configuring pjsua as TLS Server

  1. Download CACert root certificate from, save to local file (say root.pem).
  2. Run pjsua:
    $ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem

Configuring Other User Agents


Install CACert certificate of authority:

  1. Run Internet Explorer browser
  2. Open
  3. Click the link in the page that says to install certificate with IE

Restart EyeBeam?