Now I got the eyeBeam 1.5 working with the OpenSER using TLS for
signaling encryption. I decided to share my experieses in case someone
else will be having similar problems.
First of all you might want to read this quite nice SSL tutorial to
understand what these certificates are all about:
Then what I did was that I took the root certificate from
/etc/openser/tls/rootCA/cacert.pem and converted it to .crt format. I
don't know if this is neccessary but I did it anyway with the
following command "openssl x509 -in cacert.pem -out cacert.crt".
Then I moved the cacert.crt file to my public web server directory and
loaded it using Internet Explorer. Then I just needed to press
"Install certificate" and remember to store it to the "Trusted Root
Certification Authorities". Then it works... Installing the
certificate did not work with firefox, since it uses different
certificate store. Of course if you don't want to use IE, download the
.crt file and double click it to start the certificate wizard.
- Teemu
On 5/17/06, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Christoph Fürstaller wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Klaus,
> Hi Christoph!
> What is the "cert/key (pk12) for the client"? Is it for TLS client
> authentication (the proxy requests a certificate from eyebeam)?
I'm very sorry, I'm not using client authentication. On the OpenSER
Website there is an error in the TLS Tutorial. The mentioned parameter
tls_verify = 1 is wrong. The correct one is tls_verify_client = 1 (as
given in the README file in the sources)
Yes, the web tutorial is not up2date with CVS head.
regards
klaus
After I corrected this I get that error:
tls_error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
did not return a certificate
So my eyeBeam doesn't send a cert. I asked on the counterpath forum and
searched the docs, but didn't found something concerning that. So,
eyeBeam isn't compatible of that? Anyone knows?
> If yes - how does eyebeam know which of the
available client
> certificates it should use?
> regards
> klaus
chris...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEaZ9ZR0exH8dhr/YRAhTcAKCsGpyYCLluX8MZuWtMeL2PDwwd8QCgoTul
QZQCfeY2QK/+n5z36d6BxCM=
=+fL3
-----END PGP SIGNATURE-----