Review Board 1.7.16

Add a contrib script for generating certs for TLS stuff

Review Request #979 - Created Oct. 21, 2010 and submitted

Terry Wilson
After suffering through yet another fun day of setting up TLS certs for asterisk, I figured I'd knock out a quick script so I don't ever have to do it again.
I've generated a CA, client, and server cert, installed the client and CA certs on the Blink softphone, and set the server and CA certs in sip.conf. Everything works.

./ast_tls_cert -C -O "My Company"
./ast_tls_cert -m client -C "Joe User" -O "My Company" -c ca.crt -k ca.key -o joe_user

The first run would create the CA certs since the -c option wasn't passed and also asterisk.pem which would be copied to /etc/asterisk (or wherever) and used as the tlscertfile in sip.conf. The ca.crt can also be copied over and used as the tlscafile.

The second run would create a client certificate using the previously created CA cert and write out joe_user.pem. I then copied ca.rt and joe_user.pem and configured Blink to use them and to verify the server.
Posted (Oct. 22, 2010, 5:10 a.m.)
you are my hero
Ship it!
Posted (Oct. 22, 2010, 5:23 a.m.)
Thanks man!  This always takes me forever too. runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to