For this reason it needs to generate a fingerprint, which requires a certificate.
While you can find here  hints on how to generate a certificate, it may be useful to know that FreeSWITCH expects the certificate to be located in:
I inferred this from the source code rather than finding it documented somewhere, so this may save the reader some time.
(But feel free to comment and point to a related documentation).
And if you generate a pem file, you can retrieve the required .crt by copying from the .pem just the certificate part.
 http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration - Note: this document refers to the generation of certificates to enable TLS, rather than DTLS. Don't get confused by references to SIP encryption, and simply focus on the certificate generation.
If I purchased a ssl certificate from godaddy. Should I replace the content in dtls-srtp.crt with the content of the file .crt that godaddy gave me?
I'm guessing it'd be sufficient.
1. You should also add the private key in /etc/freeswitch/tls/dtls-srtp.key
2. Just to be clear, obviously all this is related to DTLS-SRTP only, and it's independent to TLS. You can have DTLS-SRTP without TLS.
Hope it works for you.
Just want to say thanks for the blog on DTLS broReplyDelete
Thanks for your DTLS blog as related to FreeSWITCH. I have been struggling and will try this out in a day or two.ReplyDelete