Review Board 1.7.16


Add a contrib script for generating certs for TLS stuff

Review Request #979 - Created Oct. 21, 2010 and submitted

Terry Wilson
/branches/1.8/
Reviewers
asterisk-dev
Asterisk
After suffering through yet another fun day of setting up TLS certs for asterisk, I figured I'd knock out a quick script so I don't ever have to do it again.
I've generated a CA, client, and server cert, installed the client and CA certs on the Blink softphone, and set the server and CA certs in sip.conf. Everything works.

Example:
./ast_tls_cert -C pbx.mycompany.com -O "My Company"
./ast_tls_cert -m client -C "Joe User" -O "My Company" -c ca.crt -k ca.key -o joe_user

The first run would create the CA certs since the -c option wasn't passed and also asterisk.pem which would be copied to /etc/asterisk (or wherever) and used as the tlscertfile in sip.conf. The ca.crt can also be copied over and used as the tlscafile.

The second run would create a client certificate using the previously created CA cert and write out joe_user.pem. I then copied ca.rt and joe_user.pem and configured Blink to use them and to verify the server.
Posted (Oct. 22, 2010, 5:10 a.m.)
you are my hero
Ship it!
Posted (Oct. 22, 2010, 5:23 a.m.)
Thanks man!  This always takes me forever too.

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.