<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello,<br>
<br>
You can set the ca_list file with those CA certificates you want to
accept:<br>
<br>
<a class="moz-txt-link-freetext" href="http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list">http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list</a><br>
<br>
Alternatively, you accept all certificates and then use pv conditions
to see and restrict the access based on who signed/emitted the
client certificate.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 5/27/13 10:59 PM, Moacir Ferreira
wrote:<br>
</div>
<blockquote cite="mid:COL125-W31A391716E07D9B4E5AC5BC8960@phx.gbl"
type="cite">
<div dir="ltr">Thanks for the clarifications.<br>
<br>
Now, when we ask the client to have a certificate, where do
we control what client certificates will be accepted?<br>
I.e.: I don't want any valid certificate to authenticate but only
those ones I accept as valid.<br>
<br>
Moacir<br>
<br>
<div>> Date: Thu, 23 May 2013 10:34:09 +0200<br>
> From: <a class="moz-txt-link-abbreviated" href="mailto:klaus.mailinglists@pernau.at">klaus.mailinglists@pernau.at</a><br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
> Subject: Re: [SR-Users] TLS<br>
> <br>
> <br>
> <br>
> On 22.05.2013 11:19, Daniel-Constantin Mierla wrote:<br>
> >>><br>
> >>> - Finally, do you know any free softphone
that implements mutual TLS<br>
> >>> authentication?<br>
> >><br>
> >> I am not aware of any.<br>
> ><br>
> > Like the softphone authenticating the server based
on server certificate?<br>
> <br>
> MTLS just means that the TLS server requires a
certificate from the TLS <br>
> client. Thus, between SIP clients and SIP server this
merely means that <br>
> not only the client authenticates the proxy, but the
proxy also <br>
> authenticates the client based on the client's TLS
certificate.<br>
> <br>
> Nice that Jitsi supports it - although I failed to
configure Jitsi :-) <br>
> If someone fails configuring TLS for Jitsi, see this
howto:<br>
>
<a class="moz-txt-link-freetext" href="http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi">http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi</a><br>
> <br>
> I just found out that my QjSimple [1] also supports
client certificates :-)<br>
> <br>
> <br>
> regards<br>
> Klaus<br>
> <br>
> [1] <a class="moz-txt-link-freetext" href="http://www.ipcom.at/en/telephony/qjsimple/">http://www.ipcom.at/en/telephony/qjsimple/</a><br>
> <br>
> _______________________________________________<br>
> SIP Express Router (SER) and Kamailio (OpenSER) -
sr-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
* <a class="moz-txt-link-freetext" href="http://asipto.com/u/katu">http://asipto.com/u/katu</a> *</pre>
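<br>
Added example, not part of the original messages and not the Kamailio project's own configuration: the two approaches from the reply above, a restricted ca_list in tls.cfg and an issuer check on pseudo-variables in the routing script.<br>
Assumptions: the file paths and the CA name "Example Internal CA" are placeholders, and the tls, sl and xlog modules are loaded.<br>

```cfg
# ---- tls.cfg (the file named by modparam("tls", "config", ...)) ----
# Approach 1: ca_list contains only the CA certificates whose clients
# you are willing to accept. Paths below are placeholders.
[server:default]
# validate the client's certificate chain against ca_list
verify_certificate = yes
# refuse TLS clients that present no certificate at all
require_certificate = yes
private_key = /etc/kamailio/tls/server.key
certificate = /etc/kamailio/tls/server.pem
ca_list = /etc/kamailio/tls/accepted-client-cas.pem

# ---- kamailio.cfg ----
# Approach 2: ca_list may hold a broader set of CAs; the routing script
# then narrows access by who issued the client certificate.
request_route {
    if (proto == TLS) {
        # $tls_peer_verified is 1 only when the chain validated against
        # ca_list. Check it first: the issuer name inside an unverified
        # certificate is whatever its creator typed in.
        if ($tls_peer_verified != 1) {
            xlog("L_WARN", "TLS client not verified: src=$si\n");
            sl_send_reply("403", "Client certificate not verified");
            exit;
        }
        # "Example Internal CA" is a placeholder issuer common name.
        if ($tls_peer_issuer_cn != "Example Internal CA") {
            xlog("L_WARN", "TLS issuer rejected: $tls_peer_issuer_cn src=$si\n");
            sl_send_reply("403", "Certificate issuer not accepted");
            exit;
        }
    }
    # normal request routing continues here
}
```

The rejected-issuer log line gives a record of which certificates were turned away and from which source address.<br>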
</body>
</html>