[OpenSIPS-Users] generate key

duane.larson at gmail.com duane.larson at gmail.com
Wed Apr 8 16:15:56 CEST 2009 

Be sure to read through the links that you are given so that you have a  
good understanding, but here are the steps I always take


Now we need to create the TLS certifications and Keys  
(http://www.imacat.idv.tw/tech/sslcerts.html Read Create a Server  
Certificate)
openssl genrsa -des3 -out /etc/ssl/private/openxcap.key 2048 <------ Set  
the password to whatever you want
chmod og-rwx /etc/ssl/private/openxcap.key
openssl req -new -key /etc/ssl/private/openxcap.key -out /tmp/openxcap.req
US
State
City
Home
Home
openxcap01.blahblah.com CA

openssl x509 -req -days 7305 -sha1 \
-extfile /etc/ssl/openssl.cnf -extensions v3_ca \
-signkey /etc/ssl/private/openxcap.key \
-in /tmp/openxcap.req -out /etc/ssl/certs/openxcap.crt

rm -f /tmp/openxcap.req


openssl genrsa -out /etc/openxcap/tls/openxcapserver.key 2048
chmod og-rwx /etc/openxcap/tls/openxcapserver.key
openssl req -new -key /etc/openxcap/tls/openxcapserver.key -out  
/tmp/openxcapserver.req ********BE SURE NOT TO SET A PASSWORD******
US
State
City
Home
Home
openxcap01.blahblah.com

openssl x509 -req -days 3650 -sha1 \
-extfile /etc/ssl/openssl.cnf -extensions v3_req \
-CA /etc/ssl/certs/openxcap.crt -CAkey /etc/ssl/private/openxcap.key \
-CAserial /etc/ssl/openxcap.srl -CAcreateserial \
-in /tmp/openxcapserver.req -out /etc/openxcap/tls/openxcapserver.crt


openxcap.crt is the key that needs to be given out to the clients (Bria) -  
Copy it to the desktop, open IE and click on Tools -> Internet Options ->  
Content Tab -> Certifications Button -> Import -> And select "Automatically  
select the certificate store based on the type of certificate"
Then configure Bria with the following
Presence Tab - Mode = Presence Agent
Storage Tab - Storage Method = XCAP
Root URL: https://openxcap01.blahblah.com/xcap-root/


Good Luck


On Apr 8, 2009 4:28am, Uwe Kastens <kiste at kiste.org> wrote:
> Hi Michael,





> Try searching for openssl.





> http://sial.org/howto/openssl/self-signed/





> BR





> Uwe


> > Hello,


> >


> > I will generate a certificate and a private key for my server (openxcap)


> > - tls/server.crt


> > - tls/server.key


> >


> > i dont know how to generate this files.


> >


> >


> > regards


> > michael


> >


> > _______________________________________________


> > Users mailing list


> > Users at lists.opensips.org


> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users


> >








> --





> kiste lat: 54.322684, lon: 10.13586





> _______________________________________________


> Users mailing list


> Users at lists.opensips.org


> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090408/bbd5fbb8/attachment.htm

More information about the Users mailing list