For this reason it needs to generate a fingerprint, which requires a certificate.
While you can find here [1] hints on how to generate a certificate, it may be useful to know that FreeSWITCH expects the certificate to be located in:
/etc/freeswitch/tls/dtls-srtp.crt
I inferred this from the source code rather than finding it documented somewhere, so this may save the reader some time.
(But feel free to comment and point to a related documentation).
And if you generate a pem file, you can retrieve the required .crt by copying from the .pem just the certificate part.
[1] http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration - Note: this document refers to the generation of certificates to enable TLS, rather than DTLS. Don't get confused by references to SIP encryption, and simply focus on the certificate generation.
Hi Giacomo,
ReplyDeleteIf I purchased a ssl certificate from godaddy. Should I replace the content in dtls-srtp.crt with the content of the file .crt that godaddy gave me?
Hi Gustavo,
ReplyDeleteI'm guessing it'd be sufficient.
Two notes:
1. You should also add the private key in /etc/freeswitch/tls/dtls-srtp.key
2. Just to be clear, obviously all this is related to DTLS-SRTP only, and it's independent to TLS. You can have DTLS-SRTP without TLS.
Hope it works for you.
Big thanks.
ReplyDeleteJust want to say thanks for the blog on DTLS bro
ReplyDeleteThanks for your DTLS blog as related to FreeSWITCH. I have been struggling and will try this out in a day or two.
ReplyDelete