[Asterisk-Dev] Asterisk Manager encryption
Kevin P. Fleming
kpfleming at digium.com
Mon Dec 12 19:33:24 MST 2005
John Todd wrote:
> I'm fine with TLS, actually - it's common, "embedded" as a library, and
> requires no user intervention to activate as Asterisk already
> quasi-requires it for config-free installation. It needs to be
> activated inside Asterisk. If it runs on a different port, that's fine
> - it just needs to be running by default, and there need to be NO
> actions by the administrator as far as a security policy or other
> userland applications that must be run to make it work (including
> creation of keys! if there are no keys present on install, Asterisk
> should MAKE them, just like with DUNDi.)
TLS requires a server certificate. This must also be trusted by the
clients, so it either needs to be created by a trusted CA or the
self-signed certificate needs to be copied to the clients so they can
put it into their trust list.
It would be possible for 'make install' to create the certificate if
desired, although it would need to prompt for the relevant server name
to be able to do that. Asterisk does _not_ automatically create keys for
DUNDi, it's a manual process.
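
The trust model described in the reply above, as an added example that is not part of the original post and is not Asterisk code: an install step creates a self-signed certificate for a given server name, and a client accepts it only when that certificate is in its trust list and the name matches. The function names, the file names `manager.key` and `manager.pem`, and the host names are assumptions made for illustration; it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; file names and host names below are constructed, not Asterisk's.

# make_cert DIR SERVER_NAME
# What an install step could run once it has been told the server name.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/manager.key" -out "$1/manager.pem" 2>/dev/null &&
    chmod 600 "$1/manager.key"      # the private key never leaves the server
}

# client_trusts TRUST_LIST SERVER_CERT EXPECTED_NAME
# Succeeds only if SERVER_CERT chains to a certificate in TRUST_LIST and
# carries EXPECTED_NAME. The system CA directory is ignored (-no-CApath).
client_trusts() {
    openssl verify -no-CApath -CAfile "$1" -verify_hostname "$3" "$2" \
        >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/server" "$d/other"
    make_cert "$d/server" pbx.example.test || return 1
    make_cert "$d/other" other.example.test || return 1

    # Client that received a copy of the server's certificate.
    client_trusts "$d/server/manager.pem" "$d/server/manager.pem" \
        pbx.example.test && echo "cert copied to trust list: accepted"

    # Client whose trust list holds only an unrelated certificate.
    client_trusts "$d/other/manager.pem" "$d/server/manager.pem" \
        pbx.example.test || echo "cert not in trust list: rejected"

    # Trusted certificate, but the client dialled a different name.
    client_trusts "$d/server/manager.pem" "$d/server/manager.pem" \
        wrong.example.test || echo "server name mismatch: rejected"

    rm -rf "$d"
}
demo
```

Only `manager.pem` is copied to clients; the name check is why the certificate cannot be created before the server name is known.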