[asterisk-dev] Why? was: Add a contrib script for generating certs for TLS stuff

Olle E. Johansson oej at edvina.net
Fri Oct 22 02:26:51 CDT 2010

22 okt 2010 kl. 00.30 skrev Kevin P. Fleming:

> On 10/21/2010 04:11 PM, Hans Witvliet wrote:
>> On Thu, 2010-10-21 at 20:30 +0000, Terry Wilson wrote:
>>> -----------------------------------------------------------
>>> This is an automatically generated e-mail. To reply, visit:
>>> https://reviewboard.asterisk.org/r/979/
>>> -----------------------------------------------------------
>>> Review request for Asterisk Developers.
>>> Summary
>>> -------
>>> After suffering through yet another fun day of setting up TLS certs for asterisk, I figured I'd knock out a quick script so I don't ever have to do it again.
>> Just curious,
>> As there are about a dozen or so tools for making/maintaining
>> certificates, why create another?
>> I would rather expect to see explained how to generate certificates with
>> allready available tools...., nor re-re-re-inventing the wheel!
> Yeah... the OpenVPN distribution already contains "easyssl" scripts to
> do this, and the tinyca2 tool is a very easy to use GUI wrapper for
> OpenSSL that also can be used for this purpose.
As we move forward and correct all the issues with our TLS implementation and update it, we will have to support
some SIP-specific parameters in certificates that these tools currently haven't implemented in an easy way.

There might be reasons for using a version of the script in combination with the provisioning server too to generate client certificates.

I vote for adding this script here to prepare for this potential glorius future. Good work, Terry!


More information about the asterisk-dev mailing list