[OpenSIPS-Users] OpenSIPs with mutual TLS and client CA lists

Alexey Vasilyev alexei.vasilyev at gmail.com
Mon Jul 15 02:02:46 EDT 2019


Hi Phil,

The previous screenshot was cut by the mailing list, so here it is:
https://screenshot.net/yzggmfv

I've sent DNs for all the CAs that CentOS 7 has
(/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem). There are 133 CAs.
You can build and try branch 3.0:
https://github.com/vasilevalex/opensips/tree/mutual_tls
branch 2.4: https://github.com/vasilevalex/opensips/tree/ca_client_24

If you use certificates in DB (as I do), you should add one more column (e.g.
for MySQL):
ALTER TABLE tls_mgm_alone ADD COLUMN ca_client_send INT(1) DEFAULT 0;
And set it to 1.

If you don't use certificates from DB, there is a parameter for the domain:
modparam("tls_mgm", "ca_client_send", "[dom]1")

For this domain OpenSIPS adds the DNs to the Certificate request.



-----
---
Alexey Vasilyev
--
Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html
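
Added example, not part of the original message or of the OpenSIPS code: one way to confirm from the client side that a domain with ca_client_send enabled really puts CA DNs in its Certificate request, by parsing the "Acceptable client certificate CA names" section that `openssl s_client` prints. The sample output, host name and function names are constructed for illustration, and the exact DN formatting varies between OpenSSL versions.

```shell
#!/bin/sh
# Constructed sample of `openssl s_client` output from a server that sends
# CA DNs in its CertificateRequest (all names below are made up).
sample_with_ca_names() {
cat <<'EOF'
---
Server certificate
subject=CN = sip.example.test
issuer=CN = Example Test Issuing CA
---
Acceptable client certificate CA names
C = US, O = Example Test Org, CN = Example Test Root CA
C = DE, O = Example Test GmbH, CN = Example Test Client CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256
---
EOF
}

# Constructed sample from a server that requests a client certificate
# but sends an empty CA list.
sample_without_ca_names() {
cat <<'EOF'
---
No client certificate CA names sent
Client Certificate Types: RSA sign, ECDSA sign
---
EOF
}

# Read s_client output on stdin and print one advertised CA DN per line.
# The list ends at the next "Label: value" line or "---" separator.
acceptable_ca_names() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && (/^---/ || /^[A-Za-z ]+:/)     { exit }
        in_list && NF                             { print }
    '
}

# Succeeds only if at least one CA DN was advertised (s_client output on stdin).
ca_list_sent() { [ -n "$(acceptable_ca_names)" ]; }

# Against a live server (host and port are placeholders):
#   openssl s_client -connect sip.example.test:5061 </dev/null 2>/dev/null \
#       | acceptable_ca_names | wc -l
# and compare the count with the bundle the server was given:
#   grep -c 'BEGIN CERTIFICATE' /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
```
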


