[asterisk-dev] Why? was: Add a contrib script for generating certs for TLS stuff
Olle E. Johansson
oej at edvina.net
Fri Oct 22 02:26:51 CDT 2010
22 okt 2010 kl. 00.30 skrev Kevin P. Fleming:
> On 10/21/2010 04:11 PM, Hans Witvliet wrote:
>> On Thu, 2010-10-21 at 20:30 +0000, Terry Wilson wrote:
>>> -----------------------------------------------------------
>>> This is an automatically generated e-mail. To reply, visit:
>>> https://reviewboard.asterisk.org/r/979/
>>> -----------------------------------------------------------
>>>
>>> Review request for Asterisk Developers.
>>>
>>>
>>> Summary
>>> -------
>>>
>>> After suffering through yet another fun day of setting up TLS certs for asterisk, I figured I'd knock out a quick script so I don't ever have to do it again.
>>
>> Just curious,
>> As there are about a dozen or so tools for making/maintaining
>> certificates, why create another?
>>
>> I would rather expect to see explained how to generate certificates with
>> allready available tools...., nor re-re-re-inventing the wheel!
>
> Yeah... the OpenVPN distribution already contains "easyssl" scripts to
> do this, and the tinyca2 tool is a very easy to use GUI wrapper for
> OpenSSL that also can be used for this purpose.
>
As we move forward and correct all the issues with our TLS implementation and update it, we will have to support
some SIP-specific parameters in certificates that these tools currently haven't implemented in an easy way.
There might be reasons for using a version of the script in combination with the provisioning server too to generate client certificates.
I vote for adding this script here to prepare for this potential glorius future. Good work, Terry!
/O
More information about the asterisk-dev
mailing list