[OpenSIPS-Users] create mediaproxy certificates

Dan Pascu dan at ag-projects.com
Fri Jul 18 14:27:09 CEST 2014


Thanks for this. We’ll include it in the README.

On 17 Jul 2014, at 17:41, Edwin <eahaselhoff at gmail.com> wrote:

> Hi Adrian,
> 
> I came up with the following commands, which give me a working set of
> certificates. I only have to take a look at how to create the crl.pem (is this
> optional?)

crl.pem is optional in the sense that it only comes into play if you have revoked certificates and you want them to be rejected if they attempt to connect.

> 
> If you want you can add these lines to the README (after testing). If anyone
> has tips / comments / additions please let me know.

It should be noted that the certificate authority generated by these instructions will not be password protected, so if anyone gets ahold of it they will be able to generate valid certificates that can connect to your network.

Another note is that if you use a passphrase to protect the CA and the private keys, the private keys need to be exported without including the password, else you need to type the password every time you start mediaproxy.

> 
> # Create SSL certificate authority (-nodes leaves ca.key.pem unencrypted)
> openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
>   -keyout ca.key.pem -out ca.pem \
>   -subj "/C=NL/ST=NH/L=Amsterdam/O=DEMOTECH/CN=www.example.com/emailAddress=mail@example.com"
> 
> # Create private key
> openssl genrsa -out dispatcher.key 2048
> openssl genrsa -out relay.key 2048
> 
> # Create certificate request
> openssl req -new -key dispatcher.key -out dispatcher.csr \
>   -subj "/C=NL/ST=NH/L=Amsterdam/O=DEMOTECH/CN=www.example.com/emailAddress=mail@example.com"
> openssl req -new -key relay.key -out relay.csr \
>   -subj "/C=NL/ST=NH/L=Amsterdam/O=DEMOTECH/CN=www.example.com/emailAddress=mail@example.com"
> 
> # Sign request with CA (serial numbers must be unique per CA, so the relay gets 02)
> openssl x509 -req -days 3650 -in dispatcher.csr -CA ca.pem -CAkey ca.key.pem \
>   -set_serial 01 -out dispatcher.crt
> openssl x509 -req -days 3650 -in relay.csr -CA ca.pem -CAkey ca.key.pem \
>   -set_serial 02 -out relay.crt
> 
> # Place (only) the ca.pem, dispatcher.crt, dispatcher.key, relay.crt,
> # relay.key files in the tls folder...
> 
> Cheers,
> 
> Edwin
> 
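
Added example, not part of the thread or the mediaproxy README: a shell function that applies the two notes in the reply above, keeping the CA key passphrase-protected while the dispatcher and relay keys stay unencrypted, and that also produces an initial, empty crl.pem. File names follow the thread; the function name make_tls_set, the CA_PASS environment variable, the CN values and the crl.cnf layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the thread; CA_PASS,
# the CN values and the crl.cnf layout are assumptions made for this sketch.
make_tls_set() (
    set -e
    umask 077                                   # keys readable by owner only
    : "${CA_PASS:?export CA_PASS with the CA passphrase first}"
    export CA_PASS
    mkdir -p "$1"
    cd "$1"
    subj="/C=NL/ST=NH/L=Amsterdam/O=DEMOTECH"

    # CA key is AES-256 encrypted; the passphrase comes from the environment
    # so it never shows up in the process list.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key.pem 2048
    openssl req -x509 -new -key ca.key.pem -passin env:CA_PASS -days 3650 \
        -subj "$subj/CN=Demo Mediaproxy CA" -out ca.pem

    serial=1
    for name in dispatcher relay; do
        # Service keys stay unencrypted so the daemon can start unattended.
        openssl genrsa -out "$name.key" 2048
        openssl req -new -key "$name.key" -subj "$subj/CN=$name.example.com" \
            -out "$name.csr"
        # Each certificate gets its own serial; a CRL revokes by serial number.
        openssl x509 -req -days 3650 -in "$name.csr" -CA ca.pem \
            -CAkey ca.key.pem -passin env:CA_PASS -set_serial "$serial" \
            -out "$name.crt"
        serial=$((serial + 1))
    done

    # Minimal CA database so "openssl ca" can issue a (still empty) crl.pem.
    : > index.txt
    echo "unique_subject = no" > index.txt.attr
    cat > crl.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
default_md = sha256
default_crl_days = 30
EOF
    openssl ca -gencrl -config crl.cnf -cert ca.pem -keyfile ca.key.pem \
        -passin env:CA_PASS -out crl.pem
)
```

Call it as `CA_PASS='...' make_tls_set ./tls`; ca.key.pem, the .csr files, index.txt and crl.cnf are CA working files and should be kept off the mediaproxy host.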



