Dear all,
First, My special thanks to Bogdan who has helped me to solve my problem in building my openser system and Thank you very much to all the users in this forum. Thanks. I use openser.1.1.0-tls_src.tar.gz. I have built it as shown in the installation guide from openser website. In my openser system, I plan to build TLS, so I build it by using command: # make TLS=1 all # make TLS=1 install
The installation progress run without any error. But, I have some questions about the installation. They are: 1. How can I check the TLS in my system? I mean How I check whether it has built correctly or not. 2. Can I test it before I configure the openser.cfg file? or I must configure it first? 3. About the certificate, If I use the default certificate (which comes in the packet), how can I configure the certificate for tls_certificate, tls_private_key, and tls_ca_list. Do I need any configuration or I just enable it by deleting the "#" character)? Because as I shown from any massages in this forum, everybody who sent their openser.cfg file, use their own certificate. But,in this case, I don`t have any certificates because I don`t know how to get it (should I buy it or not)
I do hope anybody can help me. So, my problem in understanding TLS system can be decreased. Please help me...Please
Thanks with cheers
Ferianto
--------------------------------- Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
Ferianto siregar wrote:
Dear all,
First, My special thanks to Bogdan who has helped me to solve my problem in building my openser system and Thank you very much to all the users in this forum. Thanks. I use openser.1.1.0-tls_src.tar.gz. I have built it as shown in the installation guide from openser website. In my openser system, I plan to build TLS, so I build it by using command: # make TLS=1 all # make TLS=1 install
The installation progress run without any error. But, I have some questions about the installation. They are:
- How can I check the TLS in my system? I mean How I check whether it
has built correctly or not.
If there are no error messages during building it should be fine. You can also use "openser -V" to see the build options:
server1:~# openser -V version: openser 1.1.0-tls (i386/linux) flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
- Can I test it before I configure the openser.cfg file? or I must
configure it first?
You have to configure it first. But the default openser.cfg should allow to start openser. To test TLS you have to add some TLS configuration. Please read the TLS README for this purpose. And also increase the debug level and watch syslog messages for TLS errors during openser startup.
- About the certificate, If I use the default certificate (which comes
in the packet), how can I configure the certificate for tls_certificate, tls_private_key, and tls_ca_list. Do I need any configuration or I just enable it by deleting the "#" character)?
Just enable it. Just make sure that the path is correct (it should be, but you never know ...)
Because as I shown from any massages in this forum, everybody who sent their openser.cfg file, use their own certificate.
Of course for a real production setup you will use your own certificates. Don't trust a demo CA. Only trust well known CAs (verisign ... ) or make yourself a CA which signs the certificates.
But,in this case, I don`t have any certificates because I don`t know how to get it (should I buy it or not)
It depends. Currently TLS is mostly used on private environments. Here you won't pay for certificates as self-made certificates are adequate. Just google for certificate and SSL/TLS howtos. The basics are the same for web servers and SIP proxies.
I do hope anybody can help me. So, my problem in understanding TLS system can be decreased. Please help me...Please
Read the TLS README and play around. Use ssldump to debug. Increase the loglevel and watch syslog error messages, ...
http://openser.org/docs/tls.html
regards klaus
Thanks with cheers
Ferianto
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min. http://us.rd.yahoo.com/mail_us/taglines/postman7/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com
http://us.rd.yahoo.com/mail_us/taglines/postman7/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com
Devel mailing list Devel@openser.org http://openser.org/cgi-bin/mailman/listinfo/devel http://us.rd.yahoo.com/mail_us/taglines/postman7/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com
-
Ferianto siregar -
Klaus Darilion