Administrator TOOTAI
2012-Aug-20 14:23 UTC
[asterisk-users] Asterisk as TLS server as well as TLS client
Hi, I have to connect 3 asterisk servers,each of them being TLS server for his clients and connected in both way in TLS with both others asterisk, each having hi own Common Name. Is this possible? I set up 2 asterik's , one server and the other client, this is OK. But I can't deal with certificats generated on both servers. I tried to put tlscertfile ans tlscafile in the peer definition, each pointing to the certificate generated by the server, but that? not working. Thanks for any hint. -- Daniel
Daniel Pocock
2012-Aug-20 15:02 UTC
[asterisk-users] Asterisk as TLS server as well as TLS client
On 20/08/12 16:23, Administrator TOOTAI wrote:> Hi, > > I have to connect 3 asterisk servers,each of them being TLS server for > his clients and connected in both way in TLS with both others asterisk, > each having hi own Common Name. Is this possible? > > I set up 2 asterik's , one server and the other client, this is OK. But > I can't deal with certificats generated on both servers. > > I tried to put tlscertfile ans tlscafile in the peer definition, each > pointing to the certificate generated by the server, but that? not working. > > Thanks for any hint. >Asterisk doesn't seem to implement mutual TLS authentication, see the comments in this thread: http://java.net/projects/jitsi/lists/users/archive/2012-08/message/37 People who want strong TLS typically use a SIP proxy as a front-end to Asterisk, either repro or Kamailio stand out as leaders in TLS support http://www.opentelecoms.org/use-a-sip-proxy-instead-of-asterisk At the bottom, there are links to some practical guides how to use either repro or Kamailio with Asterisk