[asterisk-dev] Why? was: Add a contrib script for generating certs for TLS stuff

Kevin P. Fleming kpfleming at digium.com
Fri Oct 22 16:49:13 CDT 2010


On 10/22/2010 04:23 PM, Terry Wilson wrote:
>> As we move forward and correct all the issues with our TLS implementation and update it, we will have to support
>> some SIP-specific parameters in certificates that these tools currently haven't implemented in an easy way.
>>
>> There might be reasons for using a version of the script in combination with the provisioning server too to generate client certificates.
> 
> One of the things it allows is passing in an openssl config file, where those values could reside. It actually generates a default openssl config file and uses that for the values that are passed. It will be very easy to add additional fields.

TinyCA does this as well; when you create a new 'CA' configuration with
it, it creates a new directory to hold all the stuff, including an
OpenSSL (capitalize that name <G>) config file. I've had to modify that
config file more than once for the certs we generate to use on
origsvn.digium.com.

If this is literally just for testing stuff, it's probably OK. It is a
far cry from what is actually necessary to actually manage even a small
CA, though.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org


