Certificates

From reSIProcate

Certificates

To use certificates in resiprocate, for either TLS or S/MIME (with DUM), you must do the following:

  • Build resiprocate with OpenSSL support enabled
  • Create a Security object, providing the path where resiprocate will look for certificates. Note: if you do not provide a path, the default is c:\sipcerts on Windows or ~/.sipCerts on Unix
  • Pass this Security object to the SipStack constructor
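    // No path is given here, so the default certificate directory is used
    Security* security = new Security;
    // The stack receives the Security object through its constructor
    SipStack stack(security);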
  • Place the base64 PEM format certificates in the path specified, and use the following naming scheme:
    • root_cert_<rootCA-name>.pem - public key for root CA. Note: the name after root_cert_ is not important. Resip will load all certs prefixed with root_cert_ at startup time, and will use these certificates to validate any domain certificate returned by a TLS server.
    • domain_cert_<domain-name>.pem - public key used for domain validation in TLS. Note: if there are multiple certificates in the chain, they can all be provided in the one .pem file. If you provide only one certificate in this file, and you have the accompanying root cert in the store, then both the provided cert and the root cert will be in the TLS server handshake. If you provide more than one certificate in this file, and you want to include the root cert, then you must add the root cert to this domain certificate file manually. Certificates in this file should be specified from the top down, i.e. highest level certificate first and root certificate last.
    • domain_key_<domain-name>.pem - private key used for domain validation in TLS (Server)
    • user_cert_<user_aor>.pem - public key used for user certificate validation (S/MIME)
    • user_key_<user_aor>.pem - private key used for user certificate validation (S/MIME)
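
The naming scheme above can be checked mechanically before the stack is started. The following is an added example, not part of reSIProcate or of the original page: it audits a certificate directory against the scheme and reports misnamed files, files whose PEM blocks do not match their prefix, and loosely protected key files. The function names, the permission check (POSIX mode bits only) and the rule that a key should sit beside a certificate of the same name are assumptions of the example, and the sample files are constructed placeholders.

```python
import os, re, stat, tempfile

# Filename prefixes from the naming scheme, mapped to the PEM block type each should hold.
SCHEME = {"root_cert_": "CERTIFICATE", "domain_cert_": "CERTIFICATE", "user_cert_": "CERTIFICATE",
          "domain_key_": "PRIVATE KEY", "user_key_": "PRIVATE KEY"}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def audit_cert_dir(path):
    """Return sorted (name, finding) pairs for a resiprocate certificate directory."""
    findings, seen = [], {}
    for name in sorted(os.listdir(path)):
        prefix = next((p for p in SCHEME if name.startswith(p)), None)
        if prefix is None or not name.endswith(".pem"):
            findings.append((name, "does not match the naming scheme"))
            continue
        full, want = os.path.join(path, name), SCHEME[prefix]
        with open(full, encoding="ascii", errors="replace") as fh:
            labels = PEM_BEGIN.findall(fh.read())
        if not labels:
            findings.append((name, "no PEM block found"))
        elif any(not label.endswith(want) for label in labels):
            findings.append((name, f"contains a block that is not a {want}"))
        # Added hardening check (not from the page); looks at POSIX mode bits only.
        if want == "PRIVATE KEY" and stat.S_IMODE(os.stat(full).st_mode) & 0o077:
            findings.append((name, "private key readable by group or others"))
        seen.setdefault(prefix, set()).add(name[len(prefix):-len(".pem")])
    # Assumption: a private key is only useful beside the certificate of the same name.
    for kind in ("domain", "user"):
        for ident in seen.get(f"{kind}_key_", set()) - seen.get(f"{kind}_cert_", set()):
            findings.append((f"{kind}_key_{ident}.pem", "no matching certificate file"))
    return sorted(findings)

def write_sample_dir(path):  # constructed placeholder files, not real key material
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    samples = {"root_cert_exampleCA.pem": (cert, 0o644),
               "domain_cert_example.com.pem": (cert + key, 0o644),  # key pasted into cert file
               "domain_key_example.com.pem": (key, 0o644),          # too permissive
               "user_key_alice@example.com.pem": (key, 0o600),      # no user_cert_ beside it
               "server.crt": (cert, 0o644)}                         # wrong name
    for name, (body, mode) in samples.items():
        with open(os.path.join(path, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(path, name), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample_dir(d)
        print(*audit_cert_dir(d), sep="\n")
```

A user_cert_ file without a key is not reported, since the check only looks for keys that lack a certificate.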