For this reason it needs to generate a fingerprint, which requires a certificate.
While you can find here [1] hints on how to generate a certificate, it may be useful to know that FreeSWITCH expects the certificate to be located in:
/etc/freeswitch/tls/dtls-srtp.crt
I inferred this from the source code rather than finding it documented somewhere, so this may save the reader some time.
(But feel free to comment and point to a related documentation).
And if you generate a pem file, you can retrieve the required .crt by copying from the .pem just the certificate part.
[1] http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration - Note: this document refers to the generation of certificates to enable TLS, rather than DTLS. Don't get confused by references to SIP encryption, and simply focus on the certificate generation.