[asterisk-dev] [Code Review] Add a contrib script for generating certs for TLS stuff
David Vossel
dvossel at digium.com
Fri Oct 22 10:23:01 CDT 2010
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/979/#review2852
-----------------------------------------------------------
Ship it!
Thanks man! This always takes me forever too.
- David
On 2010-10-21 15:30:03, Terry Wilson wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/979/
> -----------------------------------------------------------
>
> (Updated 2010-10-21 15:30:03)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> After suffering through yet another fun day of setting up TLS certs for asterisk, I figured I'd knock out a quick script so I don't ever have to do it again.
>
>
> Diffs
> -----
>
> /branches/1.8/contrib/scripts/ast_tls_cert PRE-CREATION
>
> Diff: https://reviewboard.asterisk.org/r/979/diff
>
>
> Testing
> -------
>
> I've generated a CA, client, and server cert, installed the client and CA certs on the Blink softphone, and set the server and CA certs in sip.conf. Everything works.
>
> Example:
> ./ast_tls_cert -C pbx.mycompany.com -O "My Company"
> ./ast_tls_cert -m client -C "Joe User" -O "My Company" -c ca.crt -k ca.key -o joe_user
>
> The first run would create the CA certs since the -c option wasn't passed and also asterisk.pem which would be copied to /etc/asterisk (or wherever) and used as the tlscertfile in sip.conf. The ca.crt can also be copied over and used as the tlscafile.
>
> The second run would create a client certificate using the previously created CA cert and write out joe_user.pem. I then copied ca.rt and joe_user.pem and configured Blink to use them and to verify the server.
>
>
> Thanks,
>
> Terry
>
>
More information about the asterisk-dev
mailing list