Author |
Message |
anodin Brekeke Member
Joined: 09 Jul 2012 Posts: 14
Location: PARIS
|
Posted: Tue Jul 10, 2012 7:49 am Post subject: TLS Question |
|
|
1. Brekeke Product Name and version:
Brekeke SIP Server , Version 3.0.6.3 Evaluation
2. Java version:
1.7.0
3. OS type and the version:
Windows Server 2008 Standard Edition
4. UA (phone), gateway or other hardware/software involved:
OpenSSL
5. Network pattern:
1
6. Your problem:
Hi! I'm trying to configure TLS handling on Brekeke's SIP Server with OpenSSL following this :
http://wiki.brekeke.com/wiki/Key-and-Certificate
I've tried several keys and certificates I've generated with OpenSSL but I've never got "TLS" to be shown at the "Transport" field in the "Server Status"
Anybody succeeded ? What kind of certificate and key are needed : CA, server, user, self-signed ? |
|
lakeview Brekeke Master Guru
Joined: 15 Nov 2007 Posts: 319
Location: Florida
|
Posted: Tue Jul 10, 2012 9:15 am Post subject: |
|
|
Are you using Advanced Edition of Brekeke SIP Server v3?
The TLS handling is available in the Advanced Edition only. |
|
anodin Brekeke Member
Joined: 09 Jul 2012 Posts: 14
Location: PARIS
|
Posted: Tue Jul 10, 2012 2:12 pm Post subject: |
|
|
Well I'm actually using an evaluation version that, as you said, states that only advanced version handles TLS.
But as I was able to activate TLS, upload certificate /key... I guessed that it was allowed for evaluation :
http://i45.tinypic.com/2uojvr8.png |
|
lakeview Brekeke Master Guru
Joined: 15 Nov 2007 Posts: 319
Location: Florida
|
Posted: Tue Jul 10, 2012 8:53 pm Post subject: |
|
|
Did you follow the wiki?
http://wiki.brekeke.com/wiki/Key-and-Certificate
Did you set the server's IP address as the CN (Common Name) when you made the server certificate?
Are you using any CA service? |
|
Harold Brekeke Master Guru
Joined: 21 Sep 2008 Posts: 289
Location: Japan
|
Posted: Tue Jul 10, 2012 11:30 pm Post subject: |
|
|
It might help you.
Quote: |
CREATE THE CERTIFICATION AUTHORITY (CA) CERTIFICATE
1) Generate the key for the CA certificate
> openssl genrsa -des3 -out ca.key 2048
- Enter an appropriate pass phrase.
2) Show the key
> openssl rsa -noout -text -in ca.key
3) Compose the CA certificate from the key
> openssl req -new -x509 -days 2555 -key ca.key -out ca.crt
- Enter a certification authority name in [Common Name] (CN) field.
For example: TEST-CA
4) Show the CA certificate
> openssl x509 -noout -text -in ca.crt
CREATE THE SERVER CERTIFICATE
1) Generate the key for the server certificate
> openssl genrsa -out server.key 2048
2) Show the key
> openssl rsa -noout -text -in server.key
3) Compose the server certificate from the key
> openssl req -new -key server.key -out server.csr
- Enter a SIP server's IP address in [Common Name] (CN) field.
For example: 172.16.14.11
4) Sign the server certificate with the CA certificate
> openssl x509 -days 365 -CA ca.crt -CAkey ca.key -req -CAcreateserial -CAserial ca.srl -in server.csr -out server.crt
5) Show the server certificate
> openssl x509 -noout -text -in server.crt
6) Convert to DER file
> openssl x509 -in server.crt -out cert.der -outform der
> openssl pkcs8 -topk8 -nocrypt -in server.key -out key.der -outform der
- cert.der: server's certificate in DER format
- server.der: server's key in DER format
UPLOAD THE DER FILES
Upload DER files "server.der" and "cert.der" in the [Configuration] -> [SIP] page -> [TLS].
|
|
|
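Added example, not part of any post in this thread: a shell check of the files the quoted OpenSSL steps produce, to run before uploading them. It assumes the file names from those commands (the `pkcs8` step writes `key.der`); `make_sample` and `check_tls_material` are hypothetical helper names, and the sample material is constructed with `-subj` instead of the interactive prompts.

```shell
#!/bin/sh
# Added example (not from the thread). File names follow the quoted commands;
# make_sample and check_tls_material are hypothetical helper names.

# Build throwaway, constructed test material non-interactively (no pass phrase).
make_sample() {  # make_sample DIR CN
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 2555 -key "$d/ca.key" -subj "/CN=TEST-CA" -out "$d/ca.crt"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=$2" -out "$d/server.csr"
    openssl x509 -days 365 -CA "$d/ca.crt" -CAkey "$d/ca.key" -req -CAcreateserial \
        -CAserial "$d/ca.srl" -in "$d/server.csr" -out "$d/server.crt" 2>/dev/null
    openssl x509 -in "$d/server.crt" -out "$d/cert.der" -outform der
    openssl pkcs8 -topk8 -nocrypt -in "$d/server.key" -out "$d/key.der" -outform der
}

# Check the files before upload. Prints the first failing check; returns 0 if all pass.
check_tls_material() {  # check_tls_material DIR EXPECTED_CN
    d=$1
    # 1. server.crt must verify against ca.crt
    openssl verify -CAfile "$d/ca.crt" "$d/server.crt" >/dev/null 2>&1 ||
        { echo "FAIL: server.crt does not chain to ca.crt"; return 1; }
    # 2. cert.der must parse as DER and be the same certificate as server.crt
    fp_pem=$(openssl x509 -in "$d/server.crt" -noout -fingerprint -sha256)
    fp_der=$(openssl x509 -inform der -in "$d/cert.der" -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$fp_der" ] && [ "$fp_pem" = "$fp_der" ] ||
        { echo "FAIL: cert.der is not the DER form of server.crt"; return 1; }
    # 3. key.der must load without a pass phrase and hold the key certified in cert.der
    pub_key=$(openssl pkey -inform der -in "$d/key.der" -passin pass: -pubout 2>/dev/null)
    pub_crt=$(openssl x509 -inform der -in "$d/cert.der" -noout -pubkey)
    [ -n "$pub_key" ] && [ "$pub_key" = "$pub_crt" ] ||
        { echo "FAIL: key.der does not match the certificate"; return 1; }
    # 4. Subject CN must be the value clients connect to (the post uses the server IP)
    cn=$(openssl x509 -in "$d/server.crt" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$2" ] || { echo "FAIL: CN is '$cn', expected '$2'"; return 1; }
    echo "OK"
}

# Demo on constructed material; 172.16.14.11 is the example address from the post.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" 172.16.14.11
check_tls_material "$demo_dir" 172.16.14.11
rm -rf "$demo_dir"
```

Against real files, call `check_tls_material` with the directory holding `ca.crt`, `server.crt`, `cert.der` and `key.der` and the CN that was entered in the certificate request.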
anodin Brekeke Member
Joined: 09 Jul 2012 Posts: 14
Location: PARIS
|
Posted: Wed Jul 11, 2012 12:59 am Post subject: |
|
|
Thank you both, yeah I had pretty much the same settings but with the hostname instead of the IP.
Harold, I've followed your OpenSSL commands, I still can't see TLS appear. Maybe evaluation version doesn't handle TLS finally.
I'm trying the diagnostic commands to see if it is working anyway. |
|
Harold Brekeke Master Guru
Joined: 21 Sep 2008 Posts: 289
Location: Japan
|
|
anodin Brekeke Member
Joined: 09 Jul 2012 Posts: 14
Location: PARIS
|
Posted: Wed Jul 11, 2012 12:04 pm Post subject: |
|
|
Well, I had some tricky moves when I've uploaded several certs / keys before trying your solution. So I'm reinstalling the server to see what I can get from that.
Glad to know it works under evaluation.
To be very clear, when you've uploaded key & cert and restarted your server, did TLS show up in transport field ? |
|
Harold Brekeke Master Guru
Joined: 21 Sep 2008 Posts: 289
Location: Japan
|
Posted: Wed Jul 11, 2012 3:53 pm Post subject: |
|
|
I can see "TLS" in the [transport] field at the [Server Status] page.
If there is no "TLS", there is something wrong.
Are there any error messages in the log? |
|
hope Brekeke Master Guru
Joined: 15 Jan 2008 Posts: 862
|
Posted: Wed Jul 11, 2012 4:43 pm Post subject: |
|
|
tls key and cert can be uploaded even with eval license
but cannot use if not in advanced edition |
|
janP Brekeke Master Guru
Joined: 25 Nov 2007 Posts: 336
|
Posted: Wed Jul 11, 2012 4:54 pm Post subject: |
|
|
There are two types of evaluation versions.
Evaluation and Advanced Edition's Evaluation.
It seems you are using an Evaluation and Harold is using Advanced Edition's Evaluation.
An Evaluation version doesn't have TLS handling function as hope said.
If you want to try Advanced Edition's Evaluation, fill the request form.
http://www.brekeke.com/company/company_contact_form_bss-adv.php |
|
anodin Brekeke Member
Joined: 09 Jul 2012 Posts: 14
Location: PARIS
|
Posted: Thu Jul 12, 2012 2:47 am Post subject: |
|
|
Alright ok, it's clear now. I was confused by the fact that you can select advanced version and download on Brekeke's site.
Anyway, I've asked for an advanced evaluation version.
I had asked an academic version at the very beginning, never had an answer, I hope it won't be the same this time. |
|
anodin Brekeke Member
Joined: 09 Jul 2012 Posts: 14
Location: PARIS
|
Posted: Thu Jul 12, 2012 12:00 pm Post subject: |
|
|
Great!!! Just got a license! I'll try it & let you know |
|
Mike Support Team
Joined: 07 Mar 2005 Posts: 733
Location: Sunny San Mateo
|
Posted: Thu Jul 12, 2012 12:04 pm Post subject: |
|
|
Hi anodin,
Thank you for using Brekeke SIP Server.
I've asked our licensing team to send an Academic license to you.
Have fun. |
|