diff options
| author | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-04-24 21:22:31 +0000 |
|---|---|---|
| committer | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-04-24 21:22:31 +0000 |
| commit | 1d52218463e22303625d0f3c66830698a385358d (patch) | |
| tree | c2829c1079c16807c9e5e9958eb3fdf96d9a25f6 /configs/sip.conf.sample | |
| parent | baf54d0843e1a130dd442bd10416af0fb605c945 (diff) | |
TLS/SSL private key option
Adds option to specify a private key .pem file when configuring TLS or SSL in AMI, HTTP, and SIP. Before this, the certificate file was used for both the public and private key. It is possible for this file to hold both, but most configurations allow for a separate private key file to be specified. Clarified in .conf files how these options are to be used. The current conf files do not explain how the private key is handled at all, so without knowledge of Asterisk's TLS implementation, it would be hard to know for sure what was going on or how to set it up.
Review: http://reviewboard.digium.com/r/234/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@190545 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'configs/sip.conf.sample')
| -rw-r--r-- | configs/sip.conf.sample | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample index 46ac6e903..a9288817c 100644 --- a/configs/sip.conf.sample +++ b/configs/sip.conf.sample @@ -117,12 +117,16 @@ tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 ; Remember that the IP address must match the common name (hostname) in the ; certificate, so you don't want to bind a TLS socket to multiple IP addresses. -;tlscertfile=asterisk.pem ; Certificate file (*.pem only) to use for TLS connections - ; default is to look for "asterisk.pem" in current directory +;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem only) to use for TLS connections + ; default is to look for "asterisk.pem" in current directory + +;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem only) for TLS connections. + ; If no tlsprivatekey is specified, tlscertfile is searched for + ; for both public and private key. ;tlscafile=</path/to/certificate> ; If the server your connecting to uses a self signed certificate -; you should have their certificate installed here so the code can +; you should have their certificate installed here so the code can ; verify the authenticity of their certificate. ;tlscadir=</path/to/ca/dir> |