Wednesday 21 August 2013

Where WebRTC-enabled FreeSWITCH expects the DTLS certificate

WebRTC-enabled FreeSWITCH uses DTLS-SRTP.
For this reason it needs to generate a fingerprint, which requires a certificate.

While you can find here [1] hints on how to generate a certificate, it may be useful to know that FreeSWITCH expects the certificate to be located in:

/etc/freeswitch/tls/dtls-srtp.crt

I inferred this from the source code rather than finding it documented somewhere, so this may save the reader some time.
(But feel free to comment and point to a related documentation).

And if you generate a pem file, you can retrieve the required .crt by copying from the .pem just the certificate part.

[1] http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration - Note: this document refers to the generation of certificates to enable TLS, rather than DTLS. Don't get confused by references to SIP encryption, and simply focus on the certificate generation.

About ICE negotiation

Disclaimer: I wrote this article on March 2022 while working with Subspace, and the original link is here:  https://subspace.com/resources/i...