Talk:SIP TLS

From FreeSWITCH Wiki
Jump to: navigation, search

gentls_cert missing

gentls_cert is missing on my debian installation. There need to be a description howto get it.

freeswitch:/opt/freeswitch# find ./ |grep gentls_cert
freeswitch:/opt/freeswitch#

  • I'm going to guess the original author of this document had something else installed (such as gnutls-bin) and/or something else enabled in the build configuration that you don't. But this is just speculation. I don't yet have a FS installation; it's on the "to do" list :-)

-cn option on gentls_cert for root cert generation?

(note: moved from main page; discussions do not belong in the page, they're supposed to be here.)

[ Note: The name given for -cn and -alt must be the same as the DNS name of your freeswitch installation and used as the registrar name on the phone (at least on Polycoms). ]

I think this comment is incorrect, it may apply to the server certificate not for the CA itself.

  • I concur. Root private keys are used to sign other certs, so the CN is likely to be irrelevant. Furthermore, Subject Alt Names is likely to be superfluous, as the only reason these should be needed is if the CN does not match. However, I don't have a Polycom with which to try this, so I can't speak to its firmware.