Secure VoIP

From Taridium

Revision as of 12:03, 24 August 2010 (view source) Webmaster (Talk | contribs) ← Older edit		Revision as of 12:06, 24 August 2010 (view source) Webmaster (Talk | contribs) (→Creating a Key File and CA) Newer edit →
Line 22:		Line 22:
	$ openssl genrsa -out key.pem 1024		$ openssl genrsa -out key.pem 1024
		+
		+	Certificate Signing Request
		+
	$ openssl req -new -key key.pem -out req-ipbx_taridium.csr		$ openssl req -new -key key.pem -out req-ipbx_taridium.csr
		+
		+	Country Name (2 letter code) [GB]:US
		+	State or Province Name (full name) [Berkshire]:New York
		+	Locality Name (eg, city) [Newbury]:New York
		+	Organization Name (eg, company) [My Company Ltd]:Taridium
		+	Organizational Unit Name (eg, section) []:engineering
		+	Common Name (eg, your name or your server's hostname) []:pbx.taridium.com
		+	Email Address []:support@taridium.com
		+
		+	Please enter the following 'extra' attributes
		+	to be sent with your certificate request
		+	A challenge password []:
		+	An optional company name []:
		+
		+	Make sure your common name matches your server. Some phones will check for a matching name!
	===Creating a Self-Signed Certificate===		===Creating a Self-Signed Certificate===

---

Revision as of 12:06, 24 August 2010

THIS PAGE IS UNDER CONSTRUCTION!

Contents 1 Setting up ipbx 2 Configuring SIP/TLS 2.1 Creating a Key File and CA 2.2 Creating a Self-Signed Certificate 2.3 Installing the Certificate 3 Setting up your Device 3.1 ipbx Configuration 3.2 Device Configuration 3.2.1 Aastra 3.2.2 Counterpath Bria

Setting up ipbx

Configuring SIP/TLS

Creating a Key File and CA

$ openssl genrsa -des3 -out ca.key 4096

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Sample CA Cert

 Country Name (2 letter code) [GB]:US
 State or Province Name (full name) [Berkshire]:New York
 Locality Name (eg, city) [Newbury]:New York
 Organization Name (eg, company) [My Company Ltd]:Taridium
 Organizational Unit Name (eg, section) []:engineering
 Common Name (eg, your name or your server's hostname) []:Taridium CA www.taridium.com
 Email Address []:info@taridium.com

$ openssl genrsa -out key.pem 1024

Certificate Signing Request

$ openssl req -new -key key.pem -out req-ipbx_taridium.csr

Country Name (2 letter code) [GB]:US
 State or Province Name (full name) [Berkshire]:New York
 Locality Name (eg, city) [Newbury]:New York
 Organization Name (eg, company) [My Company Ltd]:Taridium
 Organizational Unit Name (eg, section) []:engineering
 Common Name (eg, your name or your server's hostname) []:pbx.taridium.com
 Email Address []:support@taridium.com
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:

Make sure your common name matches your server. Some phones will check for a matching name!

Creating a Self-Signed Certificate

To create the self-signed certificate, do the following:

$ openssl x509 -req -days 365 -in req-ipbx_taridium.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-ipbx.cert

Installing the Certificate

$ cat key.pem > asterisk.pem
$ cat cert-ipbx.cert >> asterisk.pem

$ mv asterisk.pem /etc/asterisk/
$ chown asterisk:asterisk /etc/asterisk/asterisk.pem

Setting up your Device

ipbx Configuration

Device Configuration

Aastra

Counterpath Bria

Place the ca.crt file on a webserver and load it using your browser to store it in our operatings system's ca