But what is the problem even if somehow your password will be stolen hacker can't make a call because he needs certificate.of course if U setup ext to use TLS only On Mar 29, 2016 5:32 PM, "Markos Vakondios" <[email protected]> wrote:
> This would be very interesting, as we could register SIP devices securely > over the internet without the need for VPN. > Asterisk of course must accept only trusted client certificates the same > way an OpenVPN server does. > Anyone operating his/her remote endpoints like this? > Anyone advising against this solution? > > On 29 March 2016 at 04:51, Kevin Long <[email protected]> wrote: > >> >> >> I use TLS and SRTP on my Asterisk servers. The server certificates are >> signed by my internal CA, and the Root CA cert is distributed to the phones >> and soft phones so they will trust the server without warning. >> >> It is not clear to me if Asterisk can be configured to actually reject >> client connections/registrations from peers which do not possess a client >> certificate which has been signed by a particular CA ? >> >> If so, could it be such that the common name in the client certificate >> would need to match the username or Asterisk “extension” ? >> >> >> I’m wondering if this can be done , to have a second factor of >> authentication besides the SIP secret , since in my current setup, despite >> using a TLS/SSL cert for the server, the server only verifies the client by >> the SIP secret. >> >> Regards, >> >> Kevin Long >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
