Open Terminal:
[root@nixproo]# yum -y update
[root@nixproo]# yum -y upgrade //It will take taimes
Install Openssl and Openssl-devel:
[root@nixproo]# yum install openssl openssl-devel
[root@nixproo]# mkdir certificate
[root@nixproo]# cd certificate/
[root@nixproo certificate]# openssl genrsa -out key.pem 1024
Generating RSA private key, 1024 bit long modulus
.................++++++
.....................++++++
e is 65537 (0x10001)
[root@nixproo certificate]# ls
key.pem
[root@nixproo]# yum install openssl openssl-devel
[root@nixproo]# mkdir certificate
[root@nixproo]# cd certificate/
[root@nixproo certificate]# openssl genrsa -out key.pem 1024
Generating RSA private key, 1024 bit long modulus
.................++++++
.....................++++++
e is 65537 (0x10001)
[root@nixproo certificate]# ls
key.pem
[root@nixproo certificate]# openssl req -new -key key.pem -out request.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:VA
Locality Name (eg, city) [Default City]:VA
Organization Name (eg, company) [Default Company Ltd]:NP
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:nixproo
An optional company name []:
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:VA
Locality Name (eg, city) [Default City]:VA
Organization Name (eg, company) [Default Company Ltd]:NP
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:nixproo
An optional company name []:
[root@nixproo certificate]# ls
key.pem request.pem
key.pem request.pem
[root@nixproo certificate]# openssl x509 -req -days 3650 -in request.pem -signkey key.pem -out certificate.pem
subject=/C=BD/ST=DH/L=DH/O=EB/OU=IT
Getting Private key
[root@nixproo certificate]# ls
certificate.pem key.pem request.pem
[root@nixproo certificate]# cp certificate.pem asterisk.pem
[root@nixproo certificate]# cat key.pem >> asterisk.pem
[root@nixproo certificate]# vi /etc/asterisk/sip.conf //With Line number
210 tcpenable=yes
211 tcpbindaddr=0.0.0.0 //Default port:5060
214 tlsenable=yes
215 tlsbindaddr=0.0.0.0 //Default port:5061
542 tlscertfile=/etc/asterisk/certificate/asterisk.pem
561 tlsdontverifyserver=no
567 tlscipher=DES-CBC3-SHA
571 tlsclientmethod=tlsv1
Finally, go to (In sip.conf) one of your sip client contexts and add:
transport=tls
transport=tls
Save and exit the sip.conf file.
=== Run Server ==
#asterisk -r or asterisk -vvvvvvvvvvvgc
nixproo*CLI> sip reload
SSL certificate ok
No comments:
Post a Comment