Linphone上的SSL客户端证书验证 [英] SSL Client certificate verification on linphone

问题描述

我正在从星号官方网站教程

经过大量的努力和对ssl和证书的理解，我设法仅以一种方式保护它。
以下是最好的线索和方向：
使用linphone上的自签名证书的SSL

And after a lot of effort and understanding of ssl and certificates, I have managed to secure it only 1 way. Following was the best clue and direction: SSL using self signed certs on linphone

我如何利用客户端证书（上面的教程生成的证书）也在服务器上验证客户端；称为完全ssl身份验证

How can I make use of client certificates (which the above tutorial generated) to validate clients also on server; called full ssl authentication

我在linphonerc文件中了解了此设置： verify_client_certs = 1 ，但我不知道将客户端证书放在哪里？

I read about this setting in linphonerc file: "verify_client_certs=1" but I don't know where to put client certs?

推荐答案

Hi you can check on our wiki to more information about client certificats.

https://wiki.linphone.org/wiki/index.php/Security:ClientCertAuth

Security:ClientCertAuth

1. Creating Client certificate


    Generate a Certificate Signing Request

Creates a new private key and a certificate request with CN=username@domain

example test@test.linphone.org

    openssl req -new -keyout key.pem -out newreq.pem

    Sign the client certificate 

Creates newcert.pem certificate signed by root certificate. You will need to enter the passphrase of the cacert.pem

    openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem

Then extract the private key in a new file

    openssl rsa -in key.pem -out clientkey.pem

    Parameters for linphone

In linphonerc add path to client/key certificate

[sip]
client_cert_chain=/pathTo/newcert.pem
client_cert_key=/pathTo/clientkey.pem

这篇关于Linphone上的SSL客户端证书验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！