[Asterisk-Dev] Asterisk Manager encryption

Kevin P. Fleming kpfleming at digium.com
Mon Dec 12 20:29:16 MST 2005


Tzafrir Cohen wrote:

> There's nothing inherently insecure in generating a certificate at
> install-time. This is actually exactly what ssh does.

Well, that's a key pair, not a certificate that must be signed.

> However the atvantage of openssl: being totally below the application
> layer, is also a major annoyance. The server can only be identified by
> its name or IP address. You cannot use the same certificate for several
> IP addresses.

Sure you can, just make a wildcard certificate :-) Now the only problem 
is if you want to provide encrypted service for multiple domains. For 
the applications we are talking about I don't think that is much of an 
issue.



More information about the asterisk-dev mailing list