![]() ![]() Remove deprecated SWITCH_STACK_NODUP flag.Update libks version requirement to 1.8.2.Update libks to 1.8.2 and signalwire-client-c to 1.3.2 on Windows.Improve build time on Windows: Do not download a pre-compiled binary if it's found in a folder pointed by the FreeSWITCHBuildCachePath environment variable.SSL handshake has read 7 bytes and written 289 bytesį.uk alias internal ALIASED ![]() I get an error from this openssl test command, but Sofia status shows TLS is up (see below). Would you be able to let me know what files i need to generate/combine from what and which folders to place them in please? I enabled tls in the vars.xml and I've been playing around but keep getting certificate mismatches when trying to connect clients. I know i am supposed to concatenate either the private key, cert and maybe chain into certain pem files, but i can't find the definitive guide to do this and i'm very confused. I upload this and then downloaded my certificate and chain file from godaddy. I ran the script at the bottom of this page to generate the private key and CSR. ![]() I decided to use a commercial certificate from godaddy rather than a self signed. I've decided to go back to basics and get TLS/SRTP working first on a plain freeswitch install before tackling fusionpbx and webrtc. This gives me optional TLS outbound and inbound sessions with TLSv1, 1.1 and 1.2. My current settings are (Please ignore the "rtp_secure_media_suites" as they are broken) : To enable TLS session initiation, you need to add the "rtp_secure_media" options to your global settings or use an export statement in the outbound routes. Note2: Certificate verification is disabled by default - thus you do not need the CA or intermediate CA certificates from your provider to start.īy default, freeswitch will accept TLS requests but not initiate TLS sessions. You can adjust the settings in the "advanced -> variables" menu as seen above. Note1: I am using a subdirectory under "\etc\freeswitch\ssl" for each profile as this is the only way to use different cafile.pem and agent.pem files per profile. These are my settings for the external profile: Then you can activate TLS/SSL for your profiles by setting the option "_ssl_enable} to true in the "advanced -> variables" menu: Oce you have the certificates you must place them in the "/etc/freeswitch/ssl" directory and make shure that the user www-data has read access to them. You can use other certificates if you wish. Freeswitch provides some very good documentation on how to generate the required certificates with the "gentls_cert" utility provided by freeswitch. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |