= Configuring PJSIP with TLS = == Creating Certificate == 1. Create CACert.account 2. Create certificate creation request: {{{ $ cat <<< EOF > user.conf # # LocalServer.conf # [ req ] prompt = no distinguished_name = sip_pjsip_org [ sip_pjsip_org ] commonName = sip.pjsip.org subjectAltName = sip01.pjsip.org subjectAltName = sip02.pjsip.org stateOrProvinceName = London countryName = GB emailAddress = bennylp@pjsip.org organizationName = PJSIP.ORG organizationalUnitName = Top secret research department EOF $ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes }}} 1. Copy the content of {{{user-cert_req.pem}}} to clipboard 1. Go to your browser again, login to your CACert.org account 1. Select from the right menu: '''Server Certificates''' --> '''New''' 1. Paste the request to the text box, and click '''Submit''' button. 1. Confirm the creation 1. Your server certificate will be created. 1. Save the server certificate to a file, say, {{{server-cert.pem}}}. == Build PJSIP with TLS Support == Add this in {{{config_site.h}}}: {{{ #define PJSIP_HAS_TLS_TRANSPORT 1 }}} == Configuring pjsua as TLS Server == 1. Download CACert root certificate from https://www.cacert.org/index.php?id=3, save to local file (say '''root.pem'''). 1. Run pjsua: {{{ $ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem }}} == Configuring Other User Agents == === !EyeBeam === Install CACert certificate of authority: 1. Run Internet Explorer browser 1. Open https://www.cacert.org/index.php?id=3 1. Click the link in the page that says to install certificate with IE Restart !EyeBeam