[Spce-user] Configuring SSL certificates

Andrew Pogrebennyk apogrebennyk at sipwise.com
Thu Mar 8 04:25:35 EST 2012


Kevin,

On 03/08/2012 01:19 AM, Kevin Blackman wrote:
> What about the Kamilio self-signed root that is used as its server certificate.
> I have not changed this certificate... 
> 1) Is this certificate used in SIP over TLS connections? 

Yes.

> 2) As our clients must bind to a trusted root certificate, if this is the certificate that is presented to the client over SIP/TLS, then can we change it to a trusted SSL certificate under some intermediate CAs and our publicly trusted Root certificate?

Yes.

> 3) If yes to the above may we place all of them from SSL cert, through issuing, intermediate policy, and then Root CA, within one file in ascending order of hierarchy?

Yes, this applies to almost all OpenSSL implementations and is supposed
to work this way, though I haven't used intermediate CAs with kamailio
myself.

Just check that kamailio.lb.tls.sslcertfile setting in config.yml is
pointing to the correct SSL cert file.




More information about the Spce-user mailing list