Version 4 (modified by bennylp, 16 years ago)

Configuring PJSIP with TLS

Creating Certificate

  1. Create a CACert.org account
  2. Create the certificate request:
    $ cat << EOF > user.conf
    #
    # user.conf
    #
    
    [ req ]
    prompt = no
    distinguished_name = your_distinguished_name
    
    [ your_distinguished_name ]
    commonName             = sip.pjsip.org
    subjectAltName         = sip.pjsip.org
    stateOrProvinceName    = London
    countryName            = GB
    emailAddress           = bennylp@pjsip.org
    organizationName       = PJSIP.ORG
    organizationalUnitName = Top secret research department
    EOF
    
    $ openssl req -config user.conf -out user-cert_req.pem -keyout user-privkey.pem -new -nodes
    
  3. Copy the content of user-cert_req.pem to the clipboard
  4. In your browser, log in to your CACert.org account
  5. Select from the right menu: Server Certificates --> New
  6. Paste the request into the text box and click the Submit button.
  7. Confirm the creation
  8. Your server certificate will be created.
  9. Save the server certificate to a file, say, server-cert.pem.

Build PJSIP with TLS Support

Add this to config_site.h:

#define PJSIP_HAS_TLS_TRANSPORT 1

Running pjsua as TLS Server

  1. Download the CACert root certificate from https://www.cacert.org/index.php?id=3 and save it to a local file (say, root.pem).
  2. Run pjsua:
    $ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem --tls-privkey-file user-privkey.pem
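
Before starting the server it helps to confirm that the three files really belong together. The following check is an added example, not part of the original wiki page or of PJSIP; the function name check_tls_files and its return codes are assumptions of this example, and it needs the openssl command line tool.

```shell
#!/bin/sh
# Added example: pre-flight check of the PEM files handed to pjsua.
# Usage: check_tls_files CA_FILE CERT_FILE KEY_FILE
# Return codes (chosen for this example): 0 ok, 2 wrong kind of file,
# 3 key/certificate mismatch, 4 not issued by the CA, 5 key file too open.
check_tls_files() {
    ca=$1; cert=$2; key=$3

    # The request (user-cert_req.pem) is easily passed where the issued
    # certificate belongs; openssl x509 accepts nothing but a certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a PEM certificate: $cert" >&2; return 2; }
    # "-passin pass:" keeps openssl from prompting if the key is encrypted.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "not a readable private key: $key" >&2; return 2; }

    # The certificate must carry the public half of the private key.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "certificate and private key do not match" >&2; return 3; }

    # The certificate must verify with the root given as --tls-ca-file.
    # Match on the output: old OpenSSL releases exit 0 even on failure.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' || {
        echo "certificate does not verify against $ca" >&2; return 4; }

    # "-nodes" wrote the key unencrypted, so group and other must have
    # no permission bits on it (mode string "-rw-------" or stricter).
    case $(ls -lLd "$key") in
        -???------*) ;;
        *) echo "private key is accessible to group/other: $key" >&2
           return 5 ;;
    esac
    return 0
}

# Run the check when called with the three file names, e.g.
#   sh check_tls.sh root.pem server-cert.pem user-privkey.pem
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```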
    
    

Running pjsua as TLS Client

To make a call to SERVER using TLS (quote the URI so that the shell does not treat the ";" as a command separator):

$ ./pjsua --use-tls "sip:SERVER;transport=tls"

Configuring Other User Agents

EyeBeam

Install the CACert root (certificate authority) certificate:

  1. Run the Internet Explorer browser
  2. Open https://www.cacert.org/index.php?id=3
  3. Click the link on the page for installing the certificate with IE

Restart EyeBeam