Hi there,
I have a question concerning TLS in OpenSER:
By switching tls_require_certificate to "on", the peer is forced to send its certificate for the purpose of mutual authentication.
My problem is that the peer may be another proxy server which I want to authenticate with its cert, but the peer might also be a user agent. In my situation I use a Snom 360, which does not have the possibility to import its own user certificate (only a CA cert for verifying server certs).
-----------                        ----------                     ---------
| snom 360 | <------ TLS -------> | outbound | <----- TLS -----> | inbound |
-----------   server sends cert    ----------     mutual AUTH     ---------
But when I activate tls_require_certificate=on in the openser.cfg of the outbound proxy, the Snom 360 can't register, because it has no user cert. On the other hand, when I disable tls_require_certificate, the Snom can register, but the security between the proxies is weak.
Is there an appropriate solution for this problem? Maybe I didn't understand the sample configuration at all...
Thanks in advance and regards,
Philipp