[asterisk-users] Client TLS certificates for auth ?
Kevin Long
kevin.long at haloprivacy.com
Mon Mar 28 20:51:29 CDT 2016
I use TLS and SRTP on my Asterisk servers. The server certificates are signed by my internal CA, and the Root CA cert is distributed to the phones and soft phones so they will trust the server without warning.
It is not clear to me if Asterisk can be configured to actually reject client connections/registrations from peers which do not possess a client certificate which has been signed by a particular CA ?
If so, could it be such that the common name in the client certificate would need to match the username or Asterisk “extension” ?
I’m wondering if this can be done , to have a second factor of authentication besides the SIP secret , since in my current setup, despite using a TLS/SSL cert for the server, the server only verifies the client by the SIP secret.
Regards,
Kevin Long
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3587 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160329/5122d597/attachment.bin>
More information about the asterisk-users
mailing list