[Spce-user] Registration using TLS

Walter Klomp walter at myrepublic.net
Sat Feb 9 10:15:41 EST 2019 

You will find this in /etc/ngcp-config/config.yml under the lb: part…

    tls:
      enable: yes
      port: '5061'
      sslcertfile: /etc/letsencrypt/live/your.domain.here/fullchain.pem
      sslcertkeyfile: /etc/letsencrypt/live/your.domain.here/privkey.pem
    udp_children: '8'
    use_dns_cache: on

This is the only thing you need for TLS…

My ownership of the files under /etc/letsencrypt are

drwxr-x---   9 kamailio ssl-cert   4096 Feb  6 06:00 letsencrypt


and this is in my /etc/group for ssl-cert

ssl-cert:x:112:prosody,www-data,kamailio





Warmest Regards,

 <https://myrepublic.com.sg/>	
Walter Klomp
Head of Voice & Systems
MyRepublic Limited
T: +65 6816 1120
F: +65 6717 2031
 
MyRepublic Limited
11 Lorong 3 Toa Payoh Block B Jackson Square
#04-11/15 Singapore 319579

myrepublic.com.sg <https://myrepublic.com.sg/>
Follow us on: Twitter <https://twitter.com/myrepublic> | Facebook <https://facebook.com/myrepublicsg> | LinkedIn <https://www.linkedin.com/company/myrepublic>



> On 9 Feb 2019, at 9:48 PM, Brian Pelletier <brian.pelletier at aloe-me.net> wrote:
> 
> forgot to reply all... but any thoughts on what i see here?  should i be concerned seeing an enter for UDP here?
> 
> REGISTER sip:xxxx.xxxxxxx.com;transport=TLS SIP/2.0
>               Via: SIP/2.0/UDP 127.0.0.1;branch=z9hG4bK082f.3c0455a20b09e8e9b7a377e0ef3858de.0;i=fc2
>               Via: SIP/2.0/TLS 192.168.1.10:47320;received=216.220.237.110;branch=z9hG4bK-524287-1---adb1d6de16d604b3;rport=53283
> 
> 
> 
> Brian Pelletier
> 
> 
> ---- On Sat, 09 Feb 2019 08:44:50 -0500 Brian Pelletier <brian.pelletier at aloe-me.net <mailto:brian.pelletier at aloe-me.net>> wrote ----
> 
> Thanks for the feedback. That was part of my problem, I couldnt (and still can't) find any options for configuring it on Spce. Though it seems to register just fine using TLS when I tell my end decided to use it.
> 
> 
> 
> Brian Pelletier
> 
> ---- On Sat, 09 Feb 2019 08:37:32 -0500 walter at myrepublic.net <mailto:walter at myrepublic.net> wrote ----
> 
> Works fine. Just add letsencrypt certificates and enable tls. Just make sure lb can read the certs. Proper rights. 
> 
> Yours sincerely,
> Walter
> 
> On 9 Feb 2019, at 8:13 PM, Brian Pelletier <brian.pelletier at aloe-me.net <mailto:brian.pelletier at aloe-me.net>> wrote:
> Has anyone had any experience registering deviced to CE using TLS? I can't find any setting or anything in documentation on it, but I have found stuff online about it being added since some version of 2.x.x.
> 
> 
> Brian Pelletier
> 
> 
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
> https://lists.sipwise.com/listinfo/spce-user <https://lists.sipwise.com/listinfo/spce-user>
> 
> The contents of this email and any attachments are confidential and may also be privileged. You must not disseminate the contents of this email and any attachments without permission of the sender. If you have received this email by mistake, please delete all copies and inform the sender immediately. You may refer to our company's Privacy Policy here <https://myrepublic.net/sg/legal/terms-of-use-policies/privacy-policy/>.
> 
> 


-- 
The contents of this email and any attachments are confidential and may 
also be privileged. You must not disseminate the contents of this email and 
any attachments without permission of the sender. If you have received this 
email by mistake, please delete all copies and inform the sender 
immediately. You may refer to our company's Privacy Policy here 
<https://myrepublic.net/sg/legal/terms-of-use-policies/privacy-policy/>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190209/89d14ec4/attachment-0001.html>

More information about the Spce-user mailing list