Hi Feriante!
Please Cc: the list too.
To test TLS you have choose where you want to use TLS: - between the SIP clients and the SIP proxy - between SIP proxies and to gateways - both
between the SIP clients and the SIP proxy: get a SIP client which Supports TLS (eyebeam, minisip, SNOM phones (maybe also the SNOM softphone?))
between SIP proxies: get 2 domain names for each proxy (they can be hosted on the same PC with different ports). make NAPTR and SRV (RFC3263) entries with TLS as preferred protocol configure both proxies with the same rootCA configure both proxies with a client certificate and key use t_relay(). This should check NAPTR records and use tls as protocol.
regards klaus
Ferianto siregar wrote:
Dear Klaus Darilion,
Thank you very much for your kind-hearted to reply my message.Thanks I have tried your suggestion and it works. Thanks But, would you mind if I ask you a question anymore? How can I test my TLS configuration, so It can run as a security in voip communication? What should I prepare, Klaus? Would you mind.. Please help me..
Thanks with all regards,
Ferianto
*/Klaus Darilion klaus.mailinglists@pernau.at/* wrote:
Hi Feriante! The TLS syntax has changed and we have forgotten to update the default config file. As I sad, read the TLS tutorial (http://openser.org/docs/tls.html) and also the Wiki describes the new syntax (http://openser.org/dokuwiki/doku.php?id=migrating_openser_v1.0.x_to_v1.1.x). In your case: tls_verify_server = on tls_verify_client = on tls_require_client_certificate = on regards klaus On Fri, July 21, 2006 5:40, Ferianto siregar said: > Dear all, > > First of all I would like to say thanks to all of you who has given me > some helps and suggestions to solve my problem in configuring my openser > system. Thank you very much. > I have some questions in configuring the TLS now, I do hope anybody can > help me. These are the questions: > 1. Now, I try to configure the openser system for using the TLS. So, as > Klaus Darilion said before, I must configure openser.cfg file first. So, > I uncomment (enable) the TLS by deleting "#" in openser.cfg file. After > that, I try to restart the openser again. But, when I run it again > (after restarting), I get 3 error messages. Here are the error message: > [root@localhost openser]# openser restart > 0(5783) parse error (27,12-13): parse error > 0(5783) parse error (27,12-13): unknown config > variable > 0(5783) parse error (27,14-15): > ERROR: bad config file (3 errors) > 0(5783) destroy_tls: Entered > 0(5783) shm_mem_destroy > [root@localhost openser]# > > As I see, the error is at line 27. I see that it contain "tls_verify=1" > and "tls_require_certificate=0". I don`t know what is wrong with this > line because As I see from all mailinglist`s messages, they didn`t > change this line and if they change it, they just change the value, for > example : > tls_verify = on > tls_require_certificate = on > > I have tried this effort, but I get the same error message. > Does anybody can give me a suggestion what sould i do? Please... > > 2. If the error can be solved, how can I test my TLS configuration? I > mean how I can test whether it can run correctly ( It can secure the > communication system in openser)? > > Please help me..I do hope anyone can help me to solve this problem. > Thank you. > > > Regards with cheers, > > > > Ferianto > > > > > --------------------------------- > Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ > countries) for 2ยข/min or > less._______________________________________________ > Devel mailing list > Devel@openser.org > http://openser.org/cgi-bin/mailman/listinfo/devel >
See the all-new, redesigned Yahoo.com. Check it out. http://us.rd.yahoo.com/evt=40762/*http://www.yahoo.com/preview