1. Brekeke Product Name and Version: Brekeke SIP Server, Version 3.9.1.3
2. Java version: 1.8.0_201
3. OS type and the version: Windows 10 Pro, 64bit OS
4. UA (phone), gateway or other hardware/software involved: -
5. Your problem:
First of all, if this problem is not related to Brekeke, I am sorry for taking your time. I am new to both SIP and TLS.
I am trying to use self-signed certificates with both sides verifying each other.
When "Request Client certificate = on", client certificates with "common name = IP" are able to get to the "200 OK" message. However, if the common name is different for a client signed by the same root, I get "alert certificate unknown".
My question is: is this problem related to me not being able to configure Brekeke properly? If so, could you point me in the right direction?
I have read that it is highly recommended not to skip name verification (if it is possible to skip at all). However, I would like to be able to verify certificates through only the signature verification process, without a need for IP or domain information in the certificate subject name fields (CN, SAN).
Thank you for your time.
TLS client verification without IP in the name fields
Moderator: Brekeke Support Team
Thank you for the reply, Tata.
I currently have [Peer Certification Validation] = "off".
My other TLS-related configuration settings on the same page are as follows:
[TLS-handling] = "on"
[Queue Size] = "50"
[Maximum Active Connections] = "0" which is unlimited
[Enable TLS 1.0 or older] = "disable"
[Request Client Certificate] = "on"
Also, on the client side I am using PJSIP through the higher-layer PJSUA API, if that is relevant.
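An added example, not part of the posts above and not Brekeke or PJSIP configuration: the openssl command line shows that chain (signature) validation and name matching are two separate checks applied to the same client certificate. The CA name, client name and host names are constructed for the demo, and the keys are throwaway files in a temp directory.

```shell
#!/usr/bin/env bash
# Added example with constructed names; nothing here comes from Brekeke or PJSIP.

# verdict DIR [extra "openssl verify" options]
# Prints "accepted" or "rejected" for DIR/client.pem against DIR/ca.pem.
verdict() {
  local d=$1; shift
  if openssl verify -CAfile "$d/ca.pem" "$@" "$d/client.pem" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

# Builds a self-signed root and one client certificate whose only identity
# is its CN (no SAN), then runs three checks on that same certificate.
chain_vs_name_check() {
  local d
  d=$(mktemp -d) || return 2
  {
    # Self-signed root CA (constructed subject).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo Root CA" \
      -keyout "$d/ca.key" -out "$d/ca.pem" &&
    # Client key and CSR; the CN is a name, not an IP address.
    openssl req -new -newkey rsa:2048 -nodes \
      -subj "/CN=softphone-01.example.test" \
      -keyout "$d/client.key" -out "$d/client.csr" &&
    # Root signs the client certificate.
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 2 -out "$d/client.pem"
  } >/dev/null 2>&1 || { rm -rf "$d"; return 2; }

  # 1. Signature path to the root only: no name is consulted.
  local chain; chain=$(verdict "$d")
  # 2. Same path plus a name that equals the certificate's CN.
  local match; match=$(verdict "$d" -verify_hostname softphone-01.example.test)
  # 3. Same path plus a name the certificate does not carry.
  local mismatch; mismatch=$(verdict "$d" -verify_hostname other-peer.example.test)

  rm -rf "$d"
  echo "chain_only=$chain name_match=$match name_mismatch=$mismatch"
}

chain_vs_name_check
```

A certificate that passes check 1 but fails check 3 has a valid signature chain; the rejection comes from the separate name comparison the verifying side chose to apply.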