我正在实施asterisk official site tutorial的安全通话
经过对ssl和证书的大量努力和理解,我已经设法只保证了一种方式。以下是最好的线索和方向:SSL using self signed certs on linphone
如何使用客户端证书(上面教程生成的)来验证服务器上的客户端;称为完全ssl身份验证
我在linphonerc文件中读到了这个设置:"verify_client_certs=1"
但是我不知道在哪里放置客户端证书?
Hi you can check on our wiki to more information about client certificats.
https://wiki.linphone.org/wiki/index.php/Security:ClientCertAuth
Security:ClientCertAuth
1. Creating Client certificate
Generate a Certificate Signing Request
Creates a new private key and a certificate request with CN=username@domain
example [email protected]
openssl req -new -keyout key.pem -out newreq.pem
Sign the client certificate
Creates newcert.pem certificate signed by root certificate. You will need to enter the passphrase of the cacert.pem
openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem
Then extract the private key in a new file
openssl rsa -in key.pem -out clientkey.pem
Parameters for linphone
In linphonerc add path to client/key certificate
[sip]
client_cert_chain=/pathTo/newcert.pem
client_cert_key=/pathTo/clientkey.pem
请确认以下命令在哪里使用cacert.pem
openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem
我也尝试使用自签名的ca certficate来设置带有linphone的星号。但是我无法想象在linphone应用程序中我必须放置客户端证书,甚至如果我只是将我的rootca.pem添加到linphone-android提供的源中的rootca.pem它会工作