Wednesday, 21 August 2013

Where WebRTC-enabled FreeSWITCH expects the DTLS certificate

WebRTC-enabled FreeSWITCH uses DTLS-SRTP.
For this reason it needs to generate a fingerprint, which requires a certificate.

While you can find here [1] hints on how to generate a certificate, it may be useful to know that FreeSWITCH expects the certificate to be located in:

/etc/freeswitch/tls/dtls-srtp.crt

I inferred this from the source code rather than finding it documented somewhere, so this may save the reader some time.
(But feel free to comment and point to a related documentation).

And if you generate a pem file, you can retrieve the required .crt by copying from the .pem just the certificate part.

[1] http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration - Note: this document refers to the generation of certificates to enable TLS, rather than DTLS. Don't get confused by references to SIP encryption, and simply focus on the certificate generation.