19 Mar
2012
19 Mar
'12
11:47 a.m.
Daniel-Constantin Mierla writes:
Is this by one ca_list only, or do you have many tls
domains, each with
own profile?
just a single ca_list and tls domain. my tls.cfg looks like this:
[client:default]
verify_certificate = yes
require_certificate = yes
tls_method = TLSv1
private_key = /etc/sip-proxy/certs/sip-proxy/key.pem
certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem
#ca_list = /etc/sip-proxy/certs/demoCA/cert.pem
ca_list = /etc/ssl/certs/ca-certificates.crt
[server:default]
verify_certificate = no
require_certificate = no
tls_method = SSLv23
private_key = /etc/sip-proxy/certs/sip-proxy/key.pem
certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem
#ca_list = /etc/sip-proxy/certs/demoCA/cert.pem
ca_list = /etc/ssl/certs/ca-certificates.crt
sending over tls works fine if i use line
ca_list = /etc/sip-proxy/certs/demoCA/cert.pem
where cert.pem contains just three ca certs one of them being cacert.org
ca cert that i use in this test.
-- juha