<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Hello,<br>
    <br>
    you can set the ca_list file with those ca certificates you want to
    accept:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list">http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list</a><br>
    <br>
    Alternatively, you accept all certificates and then use pv conditions
    to see and restrict the access based on who signed/emitted the
    client certificate.<br>
    <br>
    Cheers,<br>
    Daniel<br>
    <br>
    <div class="moz-cite-prefix">On 5/27/13 10:59 PM, Moacir Ferreira
      wrote:<br>
    </div>
    <blockquote cite="mid:COL125-W31A391716E07D9B4E5AC5BC8960@phx.gbl"
      type="cite">
      <div dir="ltr">Thanks for the clarifications.<br>
         <br>
        Now, when we ask the client to have a certificate, where do
        we control what client certificates will be accepted?<br>
        I.e.: I don't want any valid certificate to authenticate but only
        those ones I accept as valid.<br>
         <br>
        Moacir<br>
         <br>
        <div>> Date: Thu, 23 May 2013 10:34:09 +0200<br>
          > From: <a class="moz-txt-link-abbreviated" href="mailto:klaus.mailinglists@pernau.at">klaus.mailinglists@pernau.at</a><br>
          > To: <a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
          > Subject: Re: [SR-Users] TLS<br>
          > <br>
          > <br>
          > <br>
          > On 22.05.2013 11:19, Daniel-Constantin Mierla wrote:<br>
          > >>><br>
          > >>> - Finally, do you know any free softphone
          that implements mutual TLS<br>
          > >>> authentication?<br>
          > >><br>
          > >> I am not aware of any.<br>
          > ><br>
          > > Like the softphone authenticating the server based
          on server certificate?<br>
          > <br>
          > MTLS just means, that the TLS server requires a
          certificate from the TLS <br>
          > client. Thus, between SIP clients and SIP server this
          merely means that <br>
          > not only the client authenticates the proxy, but the
          proxy also <br>
          > authenticates the client based on the client's TLS
          certificate.<br>
          > <br>
          > Nice that Jitsi supports it - although I failed to
          configure Jitsi :-) <br>
          > If someone fails configuring TLS for Jitsi, see this
          howto:<br>
          >
<a class="moz-txt-link-freetext" href="http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi">http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi</a><br>
          > <br>
          > I just found out that my QjSimple [1] also supports
          client certificates :-)<br>
          > <br>
          > <br>
          > regards<br>
          > Klaus<br>
          > <br>
          > [1] <a class="moz-txt-link-freetext" href="http://www.ipcom.at/en/telephony/qjsimple/">http://www.ipcom.at/en/telephony/qjsimple/</a><br>
          > <br>
          > _______________________________________________<br>
          > SIP Express Router (SER) and Kamailio (OpenSER) -
          sr-users mailing list<br>
          > <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
          >
          <a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
        </div>
      </div>
      <br>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
  * <a class="moz-txt-link-freetext" href="http://asipto.com/u/katu">http://asipto.com/u/katu</a> *</pre>
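    <br>
    The two approaches from the reply above, combined in one Kamailio configuration: ca_list limits which CAs a client chain may end in, and pseudo-variable conditions in the routing block restrict access further by issuer. This is an added example, not part of the original message or of the Kamailio project's own configuration; the file paths and the issuer CN "Example Internal CA" are placeholders.<br>
    <br>

```kamailio
# Added example; paths and CN values are placeholders, not from the thread.
enable_tls=yes

loadmodule "sl.so"
loadmodule "xlog.so"
loadmodule "tls.so"

# Server identity presented to SIP clients.
modparam("tls", "private_key", "/etc/kamailio/tls/server-key.pem")
modparam("tls", "certificate", "/etc/kamailio/tls/server-cert.pem")

# Approach 1: only client certificates that chain to a CA in this file
# pass verification. Put just the CAs you accept here, not a system bundle.
modparam("tls", "ca_list", "/etc/kamailio/tls/accepted-client-cas.pem")
modparam("tls", "verify_certificate", 1)
modparam("tls", "require_certificate", 1)

request_route {
    if (proto == TLS) {
        # Approach 2: conditions on the tls module pseudo-variables.
        # Subject and issuer strings come from the peer, so they are only
        # meaningful once the chain has been verified against ca_list.
        if ($tls_peer_verified != 1) {
            xlog("L_WARN", "TLS peer $si: certificate not verified\n");
            sl_send_reply("403", "Client certificate not verified");
            exit;
        }

        # Restrict by who signed the client certificate.
        if ($tls_peer_issuer_cn != "Example Internal CA") {
            xlog("L_WARN", "TLS peer $si ($tls_peer_subject_cn): issuer $tls_peer_issuer_cn not accepted\n");
            sl_send_reply("403", "Certificate issuer not accepted");
            exit;
        }
    }

    # Normal request handling continues here.
}
```

    If verification is switched off in order to accept all certificates, the issuer CN is an unauthenticated string supplied by the peer, so a check on it alone does not establish who signed the certificate.<br>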
  </body>
</html>