[asterisk-commits] russell: branch russell/dtls r206378 - /team/russell/dtls/configs/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Jul 13 21:48:40 CDT 2009 

Author: russell
Date: Mon Jul 13 21:48:37 2009
New Revision: 206378

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=206378
Log:
Provide easy instructions for setting up certs.

Modified:
    team/russell/dtls/configs/test_dtls.conf.sample

Modified: team/russell/dtls/configs/test_dtls.conf.sample
URL: http://svn.asterisk.org/svn-view/asterisk/team/russell/dtls/configs/test_dtls.conf.sample?view=diff&rev=206378&r1=206377&r2=206378
==============================================================================
--- team/russell/dtls/configs/test_dtls.conf.sample (original)
+++ team/russell/dtls/configs/test_dtls.conf.sample Mon Jul 13 21:48:37 2009
@@ -2,6 +2,41 @@
 ; test_dtls - DTLS Functionality Testing
 ;
 ; Use absolute paths for filenames.
+;
+
+;
+; How to create a Certificate Authority and generate certificates:
+;
+;     The OpenVPN project provides a nice set of scripts that makes
+; this process very easy to do.  If you're not familiar with managing
+; a certificate authority and creating client and server SSL certificates
+; with OpenSSL, using the scripts from OpenVPN is an easy way to get started.
+;
+; 1) Download OpenVPN.
+;    $ tar -xvzf openvpn-2.0.9.tar.gz
+;    $ cd openvpn-2.0.9/easy-rsa/
+;
+; The rest of this is just a condensed version of what you can get from the
+; OpenVPN documentation.  For more details, see:
+;    -> http://openvpn.net/index.php/open-source/documentation/howto.html#pki
+;
+; 2) Initialize
+;    $ . ./vars
+;    $ ./clean-all
+;
+; 3) Create the CA.  This will ask you to fill in some fields.
+;    $ ./build-ca
+;
+; 4) Create server certificate.
+;    $ ./build-key-server server
+;
+; 5) Generate Diffie Hellman parameters:
+;    $ ./build-dh
+;
+; 6) Copy your new files to where Asterisk can find them.
+;    $ cd keys
+;    $ sudo cp ca.crt dh1024.pem server.crt server.key \
+;        /var/lib/asterisk/keys
 ;
 
 [general]
@@ -15,7 +50,7 @@
 ;
 ; Certificate Authority (CA) certificate (optional)
 ;
-;dtlscafile = /var/lib/asterisk/keys/mycacert.pem
+;dtlscafile = /var/lib/asterisk/keys/ca.crt
 
 ;
 ; Path to directory of CA certs (optional)
@@ -25,14 +60,14 @@
 ;
 ; Server private key (required)
 ;
-;dtlsprivatekey = /var/lib/asterisk/keys/mycert.key
+;dtlsprivatekey = /var/lib/asterisk/keys/server.key
 
 ;
 ; Server certificate (required)
 ;
-;dtlscertfile = /var/lib/asterisk/keys/mycert.pem
+;dtlscertfile = /var/lib/asterisk/keys/server.crt
 
 ;
 ; DH Params (required)
 ;
-;dtlsdhfile = /var/lib/asterisk/keys/dh.pem
+;dtlsdhfile = /var/lib/asterisk/keys/dh1024.pem

More information about the asterisk-commits mailing list