Generate Client Cert For TLS Asterisk

Question

I'm trying to enable TLS b/w my asterisk powered voip server and clients(android devices), following the guidelines mentioned here. For generating client certs

./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C phone1.mycompany.com -O "My Super Company" -d /etc/asterisk/keys -o malcolm

"The "-C" option, since we're defining a client this time, is used to define the hostname or >IP address of our SIP phone"

i dont want to tightly couple the user with anyone IP address, how can i workaround this issue

score 1 · Accepted Answer · answered Nov 03 '14 at 17:30

1

Address just added to certificate

After that is client task check address same or differ

Most clients ignore that address at all, not check anything.

answered Nov 03 '14 at 17:30

arheops

15,544
1
21
27

sry i didnt understand, are you saying i should leave the filed empty? – Dakait Nov 03 '14 at 17:35
or you are saying i should enter the ip of the client, that will not make any difference? – Dakait Nov 03 '14 at 18:59
I am saying that soft usually ignore that info in certificate. You can put anything – arheops Nov 03 '14 at 21:33
can you have a look at this question, http://stackoverflow.com/q/26729200/1679410 – Dakait Nov 04 '14 at 06:46

Generate Client Cert For TLS Asterisk

1 Answers1