Topic: how to configure yate for tls client auth with a certificate to a sip trunk?

abma

i'm trying to configure an encrypted connection to a sip trunk in yate. the isp followed the standard "Sip Connect 1.1" and requires the sip client (=yate) to connect via a signed client certificate. It's also required that the client sends the certificate chain when connecting.

this connection works:

openssl s_client  -connect <ip>:5061 -CAfile server.pem -cert server.pem -key server.key -debug


does yate support this at all? i couldn't find openssl config parameters for  client connections to a sip trunk.

i'm still getting the same errors as in http://forum.yate.ro/index.php?topic=552.0 (but now i have a valid certificate which works with openssl s_client...)

marian

Hi,

For SIP the following options are available in ysipchan.conf:
[general]
ssl_certificate_file=
ssl_key_file=

This will apply for all TLS client connections.
See http://docs.yate.ro/wiki/Ysipchan

abma

thanks, this worked!

i totally missed the config setting in ysipchan.conf. for some reason i thought all ssl/tls related config settings are in openssl.conf.
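
A preflight check for the two `[general]` settings named in the answer above, as an added example that is not part of the thread or of Yate's own code. It assumes relative paths are resolved against the directory holding ysipchan.conf and that the chain certificates are concatenated into the certificate file, like the server.pem used in the openssl command; the function names and sample files are constructed for illustration.

```python
import configparser, os, pathlib, re, stat, tempfile

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def check_sip_tls_client(conf_path, base_dir=None):
    """Return a list of problems with the TLS client settings in ysipchan.conf."""
    # Assumption: relative paths are resolved against the directory of the conf file.
    base_dir = base_dir or os.path.dirname(os.path.abspath(conf_path))
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read(conf_path)
    problems, paths = [], {}
    for key in ("ssl_certificate_file", "ssl_key_file"):
        value = cp.get("general", key, fallback="").strip()
        if not value:
            problems.append(f"{key} is not set in [general]")
        elif not os.path.isfile(os.path.join(base_dir, value)):
            problems.append(f"{key}: file not found: {value}")
        else:
            paths[key] = os.path.join(base_dir, value)
    if "ssl_certificate_file" in paths:
        # Only counts PEM blocks; it does not validate signatures or chain order.
        with open(paths["ssl_certificate_file"], errors="replace") as fh:
            count = len(PEM_CERT.findall(fh.read()))
        if count == 0:
            problems.append("ssl_certificate_file: no PEM certificate found")
        elif count == 1:
            problems.append("ssl_certificate_file: leaf only, no chain certificates")
    if "ssl_key_file" in paths:
        mode = stat.S_IMODE(os.stat(paths["ssl_key_file"]).st_mode)
        if mode & 0o077:
            problems.append(f"ssl_key_file: mode {mode:03o} lets group/others access the key")
    return problems

def demo():
    """Run the check on constructed files; the PEM bodies are placeholders, not real keys."""
    block = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as d:
        def write(name, text, mode=0o600):
            path = pathlib.Path(d, name)
            path.write_text(text)
            path.chmod(mode)
            return path
        write("leaf.pem", block)
        write("chain.pem", block * 2)
        key = write("server.key", "CONSTRUCTED KEY PLACEHOLDER\n", 0o644)
        conf = write("ysipchan.conf", "[general]\nssl_certificate_file=leaf.pem\nssl_key_file=server.key\n")
        before = check_sip_tls_client(conf)
        key.chmod(0o600)
        write("ysipchan.conf", "[general]\nssl_certificate_file=chain.pem\nssl_key_file=server.key\n")
        return before, check_sip_tls_client(conf)
```

Call `check_sip_tls_client()` with the path of the real ysipchan.conf; an empty list means these checks passed.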