Thanks for the clarifications.
Now, when we ask the client to have a certificate, where do we control what client certificates will be accepted? I.e.: I don't want any valid certificate to authentcate but only those ones I accept as valid.
Moacir
Date: Thu, 23 May 2013 10:34:09 +0200 From: klaus.mailinglists@pernau.at To: miconda@gmail.com; sr-users@lists.sip-router.org Subject: Re: [SR-Users] TLS
On 22.05.2013 11:19, Daniel-Constantin Mierla wrote:
- Finally, do you know any free softphone that implements mutual TLS
authentication?
I am not aware of any.
Like the softphone authenticating the server based on server certificate?
MTLS just means, that the TLS server requires a certificate from the TLS client. Thus, between SIP clients and SIP server this merely means that not only the client authenticates the proxy, but the proxy also authenticates the client based on the client's TLS certificate.
Nice that Jitsi supports it - although I failed to configure Jitsi :-) If someone fails configuring TLS for Jitsi, see this howto: http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jits...
I just found out that my QjSimple [1] also supports client certificates :-)
regards Klaus
[1] http://www.ipcom.at/en/telephony/qjsimple/
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users