Version 3 (modified by bennylp, 16 years ago) (diff) |
---|
Configuring PJSIP with TLS
Creating Certificate
- Create CACert.account
- Create certificate creation request:
$ cat <<< EOF > user.conf # # LocalServer.conf # [ req ] prompt = no distinguished_name = sip_pjsip_org [ sip_pjsip_org ] commonName = sip.pjsip.org subjectAltName = sip01.pjsip.org subjectAltName = sip02.pjsip.org stateOrProvinceName = London countryName = GB emailAddress = bennylp@pjsip.org organizationName = PJSIP.ORG organizationalUnitName = Top secret research department EOF $ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes
- Copy the content of user-cert_req.pem to clipboard
- Go to your browser again, login to your CACert.org account
- Select from the right menu: Server Certificates --> New
- Paste the request to the text box, and click Submit button.
- Confirm the creation
- Your server certificate will be created.
- Save the server certificate to a file, say, server-cert.pem.
Build PJSIP with TLS Support
Add this in config_site.h:
#define PJSIP_HAS_TLS_TRANSPORT 1
Configuring pjsua as TLS Server
- Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say root.pem).
- Run pjsua:
$ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem
Configuring Other User Agents
EyeBeam
Install CACert certificate of authority:
- Run Internet Explorer browser
- Open https://www.cacert.org/index.php?id=3
- Click the link in the page that says to install certificate with IE
Restart EyeBeam