On 09/02/12 01:41, Daniel Pocock wrote:
I've been contemplating Daniel's earlier question about using the CAcert
certificates with Lumicall
sip5060.net should already accept mutual authentication from other
Kamailio instances running with a CAcert certificate
However, the Lumicall dialer itself will only connect to servers that
are using a cert signed by a root CA trusted within Android. This
applies to both the SIP and STUN over TLS support.
CAcert.org now supported...
Installing Lumicall does not change the trusted CAs for all apps on the
phone. It only adds the CACert (class 1 root) for the SIP TLS transport
within the app. This means you can use a
CAcert.org cert on a Kamailio
server, and Lumicall will trust it.
On a side note, I've noticed that
CAcert.org is allowing subjectAltName
(DNSName) within the certs it issues: this is another good reason to use
the
CAcert.org certs, other CAs are quite awkward (or expensive) for
subjectAltName, and it is really useful for running multiple/virtual
hosted domains on a single SIP server.
I would be interested in any feedback about this, either for the
Lumicall app, or the interconnect to/from
sip5060.net over TLS