탐색 도움말
가입하기 로그인
third
/
sofia-sip
의 미러 https://github.com/freeswitch/sofia-sip.git
2
0
포크 0
파일
트리: 9e5c40ed11
브랜치 태그
sofia-sip
/
libsofia-sip-ua
/
tport
/
certificates.html

certificates.html 2.4 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    2. 

  2. 

  3. <html>
    4. 

  4. <head>
    5. 

  5. <title>Generating SSL/TLS certificates for SIP agents and proxies</title>
    6. 

  6. </head>
    7. 

  7. <body>
    8. 

  8. <h1>Generating SSL/TLS certificates for SIP agents and proxies</h1>
    9. 

  9. <h2>Prerequisites</h2>
    10. 

  10. The openssl v0.96 or higher must be installed to create the certificates.
    11. 

  11. 

  12. <h2>To generate the random seed file</h2>
    13. 

  13. <strong><pre>$ tport_rand tls_seed.dat
    14. 

  14. </pre>
    15. 

  15. </strong>
    16. 

  16. 

  17. <h2>To generate the root authority certificate</h2>
    18. 

  18. <strong><pre>
    19. 

  19. $ make_root_cert.pl \
    20. 

  20.      -cn &lt;root common name&gt;\
    21. 

  21.      -dns &lt;comma separated list of root dns names&gt;\
    22. 

  22.     [-prefix &lt;prefix for the generated files&gt; (default root)]\
    23. 

  23.     [-rand &lt;random seed file&gt; (default tls_seed.dat)]</pre></strong>
    24. 

  24. 

  25. This command will generate files <strong>&lt;prefix&gt;key.pem</strong> (root private key), 
    26. 

  26. <strong>&lt;prefix&gt;cert.pem</strong> (root certificate) and <strong>&lt;prefix&gt;.pem</strong> (combination
    27. 

  27. of the key and the certificate). The latter file will be used to sign the node certificates.
    28. 

  28. 

  29. <h2>To generate a certificate for a single node (user agent or proxy)</h2>
    30. 

  30. <strong><pre>
    31. 

  31. $ make_node_cert.pl \
    32. 

  32.      -cn &lt;node common name&gt;\
    33. 

  33.      -dns &lt;comma separated list of node dns names&gt;\
    34. 

  34.     [-ca &lt;cafile&gt; (default root.pem)]\
    35. 

  35.     [-prefix &lt;prefix for the generated files&gt; (default agent)]\
    36. 

  36.     [-rand &lt;random seed file&gt; (default tls_seed.dat)]
    37. 

  37. </pre></strong>
    38. 

  38. This command will generate files <strong>&lt;prefix&gt;key.pem </strong> (node private key), 
    39. 

  39. <strong>&lt;prefix&gt;cert.pem</strong> (node certificate) and <strong>&lt;prefix&gt;.pem</strong> (combination
    40. 

  40. of the key and the certificate). The certificate has been signed with ca certificate
    41. 

  41. contained in <strong>&lt;cafile&gt;</strong>.
    42. 

  42. 

  43. <h2>Installing the certificates to the nodes</h2>
    44. 

  44. 

  45. <ol>
    46. 

  46. 

  47. <li>Copy the root certificate file (<strong>rootcert.pem</strong> by default - <strong>not root.pem or rootkey.pem!</strong>), 
    48. 

  48. the combined node certificate+key file (<strong>agent.pem</strong>) and <strong>tls_seed.dat</strong> to the tls configuration
    49. 

  49. directory (default <strong>$HOME/.sip/auth</strong>)</li>
    50. 

  50. 

  51. <li>Rename <strong>rootcert.pem</strong> as <strong>cafile.pem</strong></li>
    52. 

  52. </ol>
    53. 

  53. <p>
    54. 

  54. <strong>Note that files agent.pem and tls_seed.dat must be kept secret to
    55. 

  55. ensure secure connection</strong>  
    56. 

  56. </p>
    57. 

  57. 

  58. </ol>
    59. 

  59. </body>
    60. 

  60. </html>
    61. 

  61.