[asterisk-dev] Why? was: Add a contrib script for generating certs for TLS stuff

Olle E. Johansson oej at edvina.net
Fri Oct 22 02:26:51 CDT 2010


22 okt 2010 kl. 00.30 skrev Kevin P. Fleming:

> On 10/21/2010 04:11 PM, Hans Witvliet wrote:
>> On Thu, 2010-10-21 at 20:30 +0000, Terry Wilson wrote:
>>> -----------------------------------------------------------
>>> This is an automatically generated e-mail. To reply, visit:
>>> https://reviewboard.asterisk.org/r/979/
>>> -----------------------------------------------------------
>>> 
>>> Review request for Asterisk Developers.
>>> 
>>> 
>>> Summary
>>> -------
>>> 
>>> After suffering through yet another fun day of setting up TLS certs for asterisk, I figured I'd knock out a quick script so I don't ever have to do it again.
>> 
>> Just curious,
>> As there are about a dozen or so tools for making/maintaining
>> certificates, why create another?
>> 
>> I would rather expect to see explained how to generate certificates with
>> allready available tools...., nor re-re-re-inventing the wheel!
> 
> Yeah... the OpenVPN distribution already contains "easyssl" scripts to
> do this, and the tinyca2 tool is a very easy to use GUI wrapper for
> OpenSSL that also can be used for this purpose.
> 
As we move forward and correct all the issues with our TLS implementation and update it, we will have to support
some SIP-specific parameters in certificates that these tools currently haven't implemented in an easy way.

There might be reasons for using a version of the script in combination with the provisioning server too to generate client certificates.

I vote for adding this script here to prepare for this potential glorius future. Good work, Terry!

/O





More information about the asterisk-dev mailing list