[asterisk-users] Client TLS certificates for auth ?

Антон Сацкий satskiy.a at gmail.com
Tue Mar 29 11:40:35 CDT 2016


But what is the problem? Even if somehow your password is stolen, a hacker
can't make a call because he needs a certificate. Of course, if you set up the
ext to use TLS only.
On Mar 29, 2016 5:32 PM, "Markos Vakondios" <mvakondios at gmail.com> wrote:

> This would be very interesting, as we could register SIP devices securely
> over the internet without the need for VPN.
> Asterisk of course must accept only trusted client certificates the same
> way an OpenVPN server does.
> Anyone operating his/her remote endpoints like this?
> Anyone advising against this solution?
>
> On 29 March 2016 at 04:51, Kevin Long <kevin.long at haloprivacy.com> wrote:
>
>>
>>
>> I use TLS and SRTP on my Asterisk servers. The server certificates are
>> signed by my internal CA, and the Root CA cert is distributed to the phones
>> and soft phones so they will trust the server without warning.
>>
>> It is not clear to me if Asterisk can be configured to actually reject
>> client connections/registrations from peers which do not possess a client
>> certificate which has been signed by a particular CA?
>>
>> If so, could it be such that the common name in the client certificate
>> would need to match the username or Asterisk “extension”?
>>
>>
>> I’m wondering if this can be done, to have a second factor of
>> authentication besides the SIP secret, since in my current setup, despite
>> using a TLS/SSL cert for the server, the server only verifies the client by
>> the SIP secret.
>>
>> Regards,
>>
>> Kevin Long