问题
I was implementing secure calling from asterisk official site tutorial
And after a lot of effort and understanding of ssl and certificates, I have managed to secure it only 1 way. Following was the best clue and direction: SSL using self signed certs on linphone
How can I make use of client certificates (which the above tutorial generated) to validate clients also on server; called full ssl authentication
I read about this setting in linphonerc file: "verify_client_certs=1" but I don't know where to put client certs?
回答1:
Hi you can check on our wiki to more information about client certificats.
https://wiki.linphone.org/wiki/index.php/Security:ClientCertAuth
Security:ClientCertAuth
1. Creating Client certificate
Generate a Certificate Signing Request
Creates a new private key and a certificate request with CN=username@domain
example test@test.linphone.org
openssl req -new -keyout key.pem -out newreq.pem
Sign the client certificate
Creates newcert.pem certificate signed by root certificate. You will need to enter the passphrase of the cacert.pem
openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem
Then extract the private key in a new file
openssl rsa -in key.pem -out clientkey.pem
Parameters for linphone
In linphonerc add path to client/key certificate
[sip]
client_cert_chain=/pathTo/newcert.pem
client_cert_key=/pathTo/clientkey.pem
回答2:
Please, confirm where in following command we use cacert.pem
openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem
also i have trying to use self signed ca certficate to setup asterisk with linphone. But i could'nt figure where in linphone app i have to put the client cert or even would it work if i just add my rootca.pem to the rootca.pem in the provided source for linphone-android
来源:https://stackoverflow.com/questions/41462750/ssl-client-certificate-verification-on-linphone