[Users] help for openser with tls test

Kenny Yeh kenny at artdio.com.tw
Wed Jan 4 11:29:35 CET 2006 

Klaus Darilion,您好!

	Thans for your help!!!! I am trying..... but my client minisip phone 's setup is follow your tips?
what's the ca and what's the private key?  as openser's cfg file?

======= 2006-01-04 17:55:20 您在来信中写道:=======

>Kenny Yeh wrote:
>> users,您好!
>> 
>> 	    Hi,
>>    You reply my question.But no answer my question.
>> I build a openser with tls support,and client is minisip.I want to test the tls between server from client.
>>    I do my right cfg file on openser.I donn't know if you want to read it? please see the below:
>>    cfg file.
>> debug=9            # debug level (cmd line: -dddddddddd)
>> fork=yes
>> log_stderror=no    # (cmd line: -E)
>> 
>> check_via=no    # (cmd. line: -v)
>> dns=no          # (cmd. line: -r)
>> rev_dns=no      # (cmd. line: -R)
>> #port=5060
>> children=4
>> fifo="/tmp/openser_fifo"
>> #fifo_db_url="mysql:mysql_url"
>> 
>> #
>> # uncomment the following lines for TLS support
>> disable_tls = 0
>> listen = tls:192.168.2.95:5061
>> tls_verify = 1
>> tls_require_certificate = 0
>> tls_method = SSLv23
>> tls_certificate = "/ca/demoCA/cacert.pem"
>> tls_private_key = "/ca/demoCA/private/cakey.pem"
>> tls_ca_list = "/ca/openser2/calist.pem"
>
>Hi Kenny!
>
>CA is the Caetificae Authority (the organization that signs the
>certificates).
>
>tls_ca_list = "/ca/demoCA/cacert.pem"
>
>The private key is YOUR private key, not the key of the CA!
>tls_private_key = "/ca/openser2/privkey.pem"
>The certificate is YOUR certificate, not the certificate of the CA!
>tls_certificate = "/ca/openser2/cert.pem"
>
>further, I'm not sure if minisip supports SSL. Try:
>tls_method = TLSv1
>
>regards
>Klaus
>> down is by default.
>>    
>>       I can start ser well,and I see the ser.log ,TLS is running,some ca files is loaded.now I start minisip phone to registar,but minisip phone's error messenge:"exception caught where creating tls server" I donn't konw why?
>> 
>>       I donn't know if my detail is enough,If you are ok,please send me the steps help to test TLS cfg file or manual book for cookie.
>> 
>>       I found the tls help file,
>> 
>> mkdir demoCA
>> 
>> This is the default CA name and it must be exactly as set in your openssl configuration /etc/ss/openssl.cnf : 
>> 
>> how to set in openssl.cnf file? or if I didn't ,tls cann't be support?
>> 
>> 
>>         致
>> 礼!
>>  				
>> 
>>         Kenny Yeh
>>                上海金叶通讯科技有限公司
>>                TEL:8621-6421-6758 ext.311
>>         kenny at artdio.com.tw
>>           2006-01-04
>> 
>> 
>> ------------------------------------------------------------------------
>> 
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>

= = = = = = = = = = = = = = = = = = = =
			

        致
礼!
 
				 
        Kenny Yeh
        kenny at artdio.com.tw
          2006-01-04

More information about the Users mailing list