1

I was implementing secure calling from the Asterisk official site tutorial.

After a lot of effort and understanding of SSL and certificates, I have managed to secure it only one way. The following was the best clue and direction: SSL using self signed certs on linphone

How can I make use of the client certificates (which the above tutorial generated) to also validate clients on the server, called full SSL authentication?

I read about this setting in the linphonerc file: "verify_client_certs=1", but I don't know where to put the client certs?

Farhan

2 Answers

3
Hi, you can check our wiki for more information about client certificates.

https://wiki.linphone.org/wiki/index.php/Security:ClientCertAuth

Security:ClientCertAuth

1. Creating Client certificate

Generate a Certificate Signing Request

Creates a new private key and a certificate request with CN=username@domain

Example: test@test.linphone.org

    openssl req -new -keyout key.pem -out newreq.pem

Sign the client certificate

Creates newcert.pem certificate signed by root certificate. You will need to enter the passphrase of the cacert.pem

    openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem

Then extract the private key in a new file

    openssl rsa -in key.pem -out clientkey.pem

Parameters for linphone

In linphonerc, add the path to the client certificate and key

    [sip]
    client_cert_chain=/pathTo/newcert.pem
    client_cert_key=/pathTo/clientkey.pem

Erwan Croze
  • Brother! God will reward you. You saved a lot of trouble. And just saying, I tried many times to open the link, but it was unreachable and I thought it's broken lol. But thanks. It worked like a charm (Y) – Farhan Jan 11 '17 at 13:54
  • Hello, do you know how to disable TLS certificate verification from the Android app? – user987760 Aug 06 '19 at 15:13
0

Please confirm where in the following command we use cacert.pem:

    openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem

Also, I have been trying to use a self-signed CA certificate to set up Asterisk with linphone. But I couldn't figure out where in the linphone app I have to put the client cert, or even whether it would work if I just add my rootca.pem to the rootca.pem in the provided source for linphone-android.

JayMan89
  • Certificates are placed in the folder res->raw. rootca.pem is the root CA which will be used to authenticate the server certificates, since a certificate is generated using the root CA, be it a server certificate or a client certificate. You can use the same root CA on both sides or different ones. In that case, the server should have a copy of the client's root CA, so when the client sends its certificate during the SSL handshake, the server can proceed to verification using the root CA from the client. – Farhan Dec 24 '17 at 07:23
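
The certificate flow from the first answer as a non-interactive script, added here as an example and not taken from the posts or the linphone wiki: it signs with `openssl x509 -req -CA ... -CAkey ...` instead of `openssl ca` so that the CA files are named on the command line, uses `-nodes` in place of the separate `openssl rsa` step, and then checks the result the way a verifying peer would. The throwaway CA ("Demo Root CA"), the temporary directory and the function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. The CA name, temp directory and function names are constructed.
set -eu

make_ca() {        # $1 = dir; self-signed root standing in for cacert.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

make_client() {    # $1 = dir, $2 = CN in username@domain form
  # Key + CSR; -nodes leaves the key unencrypted, so no "openssl rsa" step.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/clientkey.pem" -out "$1/newreq.pem" 2>/dev/null
  # Sign the request; the issuing CA certificate and key are named explicitly.
  openssl x509 -req -in "$1/newreq.pem" -days 30 -CAcreateserial \
    -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -out "$1/newcert.pem" 2>/dev/null
}

chain_ok() {       # $1 = CA file, $2 = cert; the check a verifying peer performs
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() {    # $1 = cert, $2 = key; both must carry the same public key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

cert_subject() {   # $1 = cert
  openssl x509 -in "$1" -noout -subject
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work"
make_client "$work" "test@test.linphone.org"
cert_subject "$work/newcert.pem"
chain_ok "$work/cacert.pem" "$work/newcert.pem" && echo "chain: OK"
key_matches "$work/newcert.pem" "$work/clientkey.pem" && echo "key: matches cert"
```

A certificate checked against any CA other than the one that signed it fails `chain_ok`, which is why the verifying side needs a copy of the issuing root.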