21 Jul
2006
21 Jul
'06
10:49 a.m.
Hi Feriante!
Please Cc: the list too.
To test TLS you have choose where you want to use TLS:
- between the SIP clients and the SIP proxy
- between SIP proxies and to gateways
- both
between the SIP clients and the SIP proxy:
get a SIP client which Supports TLS (eyebeam, minisip, SNOM phones
(maybe also the SNOM softphone?))
between SIP proxies:
get 2 domain names for each proxy (they can be hosted on the same PC
with different ports).
make NAPTR and SRV (RFC3263) entries with TLS as preferred protocol
configure both proxies with the same rootCA
configure both proxies with a client certificate and key
use t_relay(). This should check NAPTR records and use tls as protocol.
regards
klaus
Ferianto siregar wrote:
Dear Klaus Darilion,
Thank you very much for your kind-hearted to reply my message.Thanks
I have tried your suggestion and it works. Thanks
But, would you mind if I ask you a question anymore?
How can I test my TLS configuration, so It can run as a security in voip
communication?
What should I prepare, Klaus? Would you mind..
Please help me..
Thanks with all regards,
Ferianto
*/Klaus Darilion <klaus.mailinglists(a)pernau.at>/* wrote:
Hi Feriante!
The TLS syntax has changed and we have forgotten to update the default
config file. As I sad, read the TLS tutorial
(http://openser.org/docs/tls.html) and also the Wiki describes the new
syntax
(http://openser.org/dokuwiki/doku.php?id=migrating_openser_v1.0.x_to_v1.1.x).
In your case:
tls_verify_server = on
tls_verify_client = on
tls_require_client_certificate = on
regards
klaus
On Fri, July 21, 2006 5:40, Ferianto siregar said:
Dear all,
First of all I would like to say thanks to all of you who has
given me
some helps and suggestions to solve my problem in
configuring my
openser
system. Thank you very much.
I have some questions in configuring the TLS now, I do hope
anybody can
help me. These are the questions:
1. Now, I try to configure the openser system for using the TLS.
So, as
Klaus Darilion said before, I must configure
openser.cfg file
first. So,
I uncomment (enable) the TLS by deleting
"#" in openser.cfg file.
After
that, I try to restart the openser again. But,
when I run it again
(after restarting), I get 3 error messages. Here are the error
message:
[root@localhost openser]# openser restart
0(5783) parse error (27,12-13): parse error
0(5783) parse error (27,12-13): unknown config
variable
0(5783) parse error (27,14-15):
ERROR: bad config file (3 errors)
0(5783) destroy_tls: Entered
0(5783) shm_mem_destroy
[root@localhost openser]#
As I see, the error is at line 27. I see that it contain
"tls_verify=1"
and "tls_require_certificate=0". I
don`t know what is wrong with this
line because As I see from all mailinglist`s messages, they didn`t
change this line and if they change it, they just change the
value, for
example :
tls_verify = on
tls_require_certificate = on
I have tried this effort, but I get the same error message.
Does anybody can give me a suggestion what sould i do? Please...
2. If the error can be solved, how can I test my TLS configuration? I
mean how I can test whether it can run correctly ( It can secure the
communication system in openser)?
Please help me..I do hope anyone can help me to solve this problem.
Thank you.
Regards with cheers,
Ferianto
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US
(and 30+
countries) for 2ยข/min or
less._______________________________________________
Devel mailing list
Devel(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
------------------------------------------------------------------------
See the all-new, redesigned Yahoo.com. Check it out.
<http://us.rd.yahoo.com/evt=40762/*http://www.yahoo.com/preview>