Generating TLS certificates (win32)
From FreeSWITCH Wiki
(This is a temporary solution for Windows users until an automatic script is available)
Creating new CA and certificate
- Download and install OpenSSL for Win32 from Shining Light Productions (let's assume you installed it in C:\OpenSSL)
- Create a CA directory under freeswitch/conf/ssl called CA:
mkdir "c:\program files\freeswitch\conf\ssl\CA"
- Create two temporary files in this new directory:
- c:\program files\freeswitch\conf\ssl\CA\tmpfile1.cfg
[ req ]
default_bits = 1024
prompt = no
distinguished_name = req_dn

[ req_dn ]
commonName = FreesSWITCH CA
organizationName = FreeSWITCH

[ ext ]
basicConstraints=CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
- c:\program files\freeswitch\conf\ssl\CA\tmpfile2.cfg
[ req ]
default_bits = 1024
prompt = no
distinguished_name = req_dn

[ req_dn ]
commonName = FreesSWITCH CA
organizationName = FreeSWITCH

[ ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=DNS:test.freeswitch.org
- To set up the new CA certificate, run these commands under this new directory (chdir "c:\program files\freeswitch\conf\ssl\CA"):
C:\OpenSSL\bin\openssl req -new -out "careq.pem" -newkey rsa:1024 -keyout "cakey.pem" -config "tmpfile1.cfg" -nodes -sha1
C:\OpenSSL\bin\openssl x509 -req -signkey "cakey.pem" -in "careq.pem" -out "cacert.pem" -extfile "tmpfile1.cfg" -extensions ext -days 365 -sha1
- To generate a certificate, run this under the same directory:
C:\OpenSSL\bin\openssl req -new -out "tmpfile2.req" -newkey rsa:1024 -keyout "tmpfile3.key" -config "tmpfile2.cfg" -nodes -sha1
C:\OpenSSL\bin\openssl x509 -req -CAkey "cakey.pem" -CA "cacert.pem" -CAcreateserial -in "tmpfile2.req" -out "tmpfile3.crt" -extfile "tmpfile2.cfg" -extensions ext -days 365 -sha1
- Move the final certificates to their final position:
copy cacert.pem ..
copy tmpfile3.* ..\agent.pem
- Erase all the temporary files:
del tmpfile*.*
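
The generated files can be checked before they are copied and the temporary files erased. The batch script below is an added example, not part of the original wiki page: it assumes the C:\OpenSSL path and the file names used above, is run from the CA directory before the copy and del steps, and uses illustrative variable names. It also warns when it sees the 1024-bit RSA key and SHA-1 signature that the commands above request, since both are deprecated and may be rejected by current TLS stacks.

```batch
@echo off
rem Added example, not from the wiki page. Run from the CA directory
rem before the "copy" and "del" steps. Variable names are illustrative.
setlocal
set "OPENSSL=C:\OpenSSL\bin\openssl"
rem Assumption: the DNS name placed in subjectAltName in tmpfile2.cfg.
set "EXPECT_DNS=test.freeswitch.org"
set "CRT_MOD="
set "KEY_MOD="

rem 1. The agent certificate must chain to the new CA certificate.
rem    Match on the "OK" text rather than relying on the exit code alone.
%OPENSSL% verify -CAfile cacert.pem tmpfile3.crt | findstr /c:": OK" >nul
if errorlevel 1 (echo FAIL: tmpfile3.crt does not verify against cacert.pem & goto :fail)

rem 2. The private key must belong to the certificate: compare RSA moduli.
for /f "delims=" %%m in ('%OPENSSL% x509 -noout -modulus -in tmpfile3.crt') do set "CRT_MOD=%%m"
for /f "delims=" %%m in ('%OPENSSL% rsa -noout -modulus -in tmpfile3.key') do set "KEY_MOD=%%m"
if not defined CRT_MOD (echo FAIL: could not read tmpfile3.crt & goto :fail)
if not "%CRT_MOD%"=="%KEY_MOD%" (echo FAIL: tmpfile3.key does not match tmpfile3.crt & goto :fail)

rem 3. The certificate must carry the DNS name that clients will connect to.
%OPENSSL% x509 -in tmpfile3.crt -noout -text | findstr /c:"DNS:%EXPECT_DNS%" >nul
if errorlevel 1 (echo FAIL: subjectAltName lacks DNS:%EXPECT_DNS% & goto :fail)

rem 4. Show the lines an operator should review, then flag weak parameters.
%OPENSSL% x509 -in tmpfile3.crt -noout -text | findstr /c:"Signature Algorithm" /c:"Public-Key" /c:"Public Key" /c:"Not After" /c:"DNS:"
%OPENSSL% x509 -in tmpfile3.crt -noout -text | findstr /i /c:"sha1With" /c:"(1024 bit)" >nul
if not errorlevel 1 echo WARNING: SHA-1 signature or 1024-bit RSA key found; rsa:2048 and -sha256 are the usual replacements

echo OK: chain, key match and subjectAltName are consistent
endlocal & exit /b 0

:fail
endlocal & exit /b 1
```

The script exits with code 1 on any failed check, so it can gate the copy step in a larger batch file.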
Removing the CA
To remove the CA, just delete the CA directory:
rmdir /s /q "c:\program files\freeswitch\conf\ssl\CA"
Customization
You might consider changing these according to your settings:
- commonName = FreesSWITCH CA (customize your own CA name)
- organizationName = FreeSWITCH (put your own organization name)
- subjectAltName = DNS:test.freeswitch.org (your own DNS)
- copy tmpfile3.* ..\agent.pem (depending on the certificate name you need)
