From e71421ff23d6e5abf51eaa4d7f476b858a098a1c Mon Sep 17 00:00:00 2001 From: oej Date: Tue, 22 Jan 2008 09:46:28 +0000 Subject: [PATCH] Small fixes git-svn-id: http://svn.digium.com/svn/asterisk/trunk@99482 f38db490-d61c-443f-a65b-d21fe96a405b --- doc/siptls.txt | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/doc/siptls.txt b/doc/siptls.txt index 3a54bf095..482939aa1 100644 --- a/doc/siptls.txt +++ b/doc/siptls.txt @@ -4,17 +4,17 @@ Asterisk SIP/TLS Transport When using TLS the client will typically check the validity of the certificate chain. So that means you either need a certificate that is signed by one of the larger CAs, or if you use a self signed certificate -you must install a copy of your CA on the client. +you must install a copy of your CA certificate on the client. So far this code has been test with: -Asterisk as client and server (TLS and TCP) -Polycom Soundpoint IP Phones (TLS and TCP) +- Asterisk as client and server (TLS and TCP) +- Polycom Soundpoint IP Phones (TLS and TCP) Polycom phones require that the host (ip or hostname) that is configured match the 'common name' in the certificate -Minisip Softphone (TLS and TCP) -Cisco IOS Gateways (TCP only) -SNOM 360 (TLS only) -Zoiper Biz Softphone (TLS and TCP) +- Minisip Softphone (TLS and TCP) +- Cisco IOS Gateways (TCP only) +- SNOM 360 (TLS only) +- Zoiper Biz Softphone (TLS and TCP) sip.conf options @@ -26,7 +26,7 @@ tlsbindaddr= Specify IP address to bind TLS server to, default is 0.0.0.0 tlscertfile= - The server's certificate file. Should include the key and + The server's certificate file. Should include the key and certificate. This is mandatory if your going to run a TLS server. tlscafile= @@ -56,6 +56,7 @@ Here are the relevant bits of config for setting up TLS between 2 asterisk servers. With server_a registering to server_b On server_a: + [general] tlsenable=yes tlscertfgile=/etc/asterisk/asterisk.pem