Re: wtls
Let me rephrase my question, because I am bombarded by humour :-)

In my experiences with wap I have never configured wtls. There are no examples in documentation. I have never needed it. When do we need to configure it in? Is it bearerbox or wapbox that uses it?

Looking at the source code I see that UDP 9200 9201 do not need wtls. 9202 9203 need encryption and wtls. So probably bearerbox opens the ports and wapbox decrypts them. If I don't set wtls, bearerbox doesn't open the secure ports. So it is required.

certificate-file: I imagine it is a PEM server certificate
privatekey-file: PEM server Key file
privatekey-passwd: optional

Maybe it should go into the documentation.

Thanx,
Nikos

- Original Message -
From: Nikos Balkanas
To: users@kannel.org
Sent: Friday, January 09, 2009 3:07 PM
Subject: wtls

Hi,

What is the wtls group for? And who uses it?

Thanx,
Nikos
RE: WTLS certificates
Hi all,

Is anybody using WTLS?

From: Carlos Parada [EMAIL PROTECTED]
Sent: Thursday, 14 August 2008 12:55
To: users@kannel.org
Subject: WTLS certificates

Hi all,

I would like to use WTLS. However, the manual does not refer to the wtls conf group (I saw this in the source code):

group = wtls
certificate-file = ca-file.cert
privatekey-file = privatekey-file.key
privatekey-password = privatekey.pass

Is there any example of usage available? Does anybody know how I can create a certificate and keys for that?

Thanks in advance,
Carlos Parada
Re: WTLS with openssl support
Have you installed the openssl-devel rpm?

On Tue, Jul 22, 2008 at 11:18 PM, Carlos Parada [EMAIL PROTECTED] wrote:

(sorry for wrong thread subject. That's the right one)

Hi all,

I would like to compile kannel 1.4.1 with WTLS support. However openssl coming with RedHat AS5 does not support it. Does anybody know where I can find rpms for this support? (I have searched on the Internet without success).

Thanks in advance,
Carlos Parada

--
Regards,
Ady Wicaksono
Email: ady.wicaksono at gmail.com
http://adywicaksono.wordpress.com/
RE: WTLS with openssl support
Have you installed the openssl-devel rpm?

[Carlos Parada] Yes I have. But it seems the problem is that the openssl rpm for RedHat AS 5 is not compiled with RC5 support for patent reasons, and this is needed for kannel. I'm trying to compile it from source rpm, but I'm having many problems. I thought that in the whole kannel community many people should have faced this problem and could help me by bringing any tip. I don't know if it is only a RedHat issue or it happens in other systems. Any tips?

On Tue, Jul 22, 2008 at 11:18 PM, Carlos Parada [EMAIL PROTECTED] wrote:

(sorry for wrong thread subject. That's the right one)

Hi all,

I would like to compile kannel 1.4.1 with WTLS support. However openssl coming with RedHat AS5 does not support it. Does anybody know where I can find rpms for this support? (I have searched on the Internet without success).

Thanks in advance,
Carlos Parada

--
Regards,
Ady Wicaksono
Email: ady.wicaksono at gmail.com
http://adywicaksono.wordpress.com/
RE: WTLS
How do we go about ensuring that our clients use WTLS to connect to our application? Can we force them to have to use WTLS?

I'd guess it depends on the WAP client implementation; At least I'd expect a https:// scheme in the URL to indicate to the WAP client that a secure session is required.
RE: WTLS
Paul,

Thanks for your reply :-)

Yes, your assumption is correct; it is a WAP 1.x based server-side application.

How do we go about ensuring that our clients use WTLS to connect to our application? Can we force them to have to use WTLS?

From: [EMAIL PROTECTED] On Behalf Of Brent Goldspring
Sent: 09 December 2005 00:31
To: users@kannel.org
Subject: OT: WTLS

Hi,

This is off-topic for the list, but I figured it would be worth my while posing my query here.

What is involved in developing WAP-based applications that use WTLS?

I presume that you're talking about WAP 1.x here and not WAP 2.0 as WAP 2.0 is SSL/TLS through a HTTP proxy from a security perspective. I also presume you're talking about server side applications rather than client side? On the server, your applications should be unaware that WTLS is used as it is below the WTP layer. However, the WAP gateway may have a policy to enforce SSL/TLS towards the web server if WTLS is used.

Is it simply a matter of throwing an SSL certificate on our web server and going from there?

No. WTLS is between the WAP client and the WAP gateway. The security policy between the HTTP client in the WAP gateway and your web server is a separate issue.

Do we have to deploy our own WAP gateway and have our clients reconfigure their devices when they wish to use our application?

No. Usually the carrier will support WTLS.

Do we require the cooperation of our clients' mobile-carrier WAP gateways?

Only if you get into PKI trust issues. Best case is that the carrier's certificate is issued by one of the trusted roots in the device. If not, then you'll need to talk to the carrier (or suffer the customer care issues of subscribers being prompted as to whether they trust a certificate or not).

Do we have to buy another certificate for WTLS?

Only if you're running your own WAP gateway. Even then it depends on whether it's an open or closed user group, from a security policy perspective.

Regards,
Brent
RE: WTLS
From: [EMAIL PROTECTED] On Behalf Of Brent Goldspring
Sent: 09 December 2005 00:31
To: users@kannel.org
Subject: OT: WTLS

Hi,

This is off-topic for the list, but I figured it would be worth my while posing my query here.

What is involved in developing WAP-based applications that use WTLS?

I presume that you're talking about WAP 1.x here and not WAP 2.0 as WAP 2.0 is SSL/TLS through a HTTP proxy from a security perspective. I also presume you're talking about server side applications rather than client side? On the server, your applications should be unaware that WTLS is used as it is below the WTP layer. However, the WAP gateway may have a policy to enforce SSL/TLS towards the web server if WTLS is used.

Is it simply a matter of throwing an SSL certificate on our web server and going from there?

No. WTLS is between the WAP client and the WAP gateway. The security policy between the HTTP client in the WAP gateway and your web server is a separate issue.

Do we have to deploy our own WAP gateway and have our clients reconfigure their devices when they wish to use our application?

No. Usually the carrier will support WTLS.

Do we require the cooperation of our clients' mobile-carrier WAP gateways?

Only if you get into PKI trust issues. Best case is that the carrier's certificate is issued by one of the trusted roots in the device. If not, then you'll need to talk to the carrier (or suffer the customer care issues of subscribers being prompted as to whether they trust a certificate or not).

Do we have to buy another certificate for WTLS?

Only if you're running your own WAP gateway. Even then it depends on whether it's an open or closed user group, from a security policy perspective.

Regards,
Brent
Re: WTLS certificate
Hey,

Mait Mandel wrote:

hey, does anyone know how to generate a WTLS certificate on your own? without paying $1M to Verisign ...

If that's like standard certificates then

openssl genrsa -out private.pem
openssl req -new -x509 -key private.pem -out public.pem -days 365

You can get them much much cheaper than verisign. I think we paid 55 UK pounds. Be aware that if you use a self signed one other providers etc may well not accept that.

Gareth

--
Gareth Reakes, Managing Director
Parthenon Computing
+44-1865-811184
http://www.parthcomp.com
Re: WTLS and Kannel 1.4 - Query - Does it Work?
Hi,

Nazir Faisal-NZRF001 wrote:

*FYI both the key and cert file are in the same directory as the conf file.*

It's relative to the directory the kannel is started in, not the conf file.

*Can anyone help? Has anyone got the WTLS stuff to work?*

Yep.

*Has anyone instructions on how to generate appropriate private/public keys and certificates (self-signed)?*

#create keys with
#openssl genrsa -out private.pem
#openssl req -new -x509 -key private.pem -out public.pem -days 365

Change the parameters if you need different behavior. Be warned though, if you use self signed then lots of things won't talk to you!

Cheers,
Gareth

--
Gareth Reakes, Managing Director
Parthenon Computing
+44-1865-811184
http://www.parthcomp.com
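
The steps discussed in the messages above, put together as an added example (not written by any list member and not part of Kannel): it generates the key and self-signed certificate with the two openssl commands from the thread, checks that they belong together and are unexpired, and prints a wtls group using the key names quoted earlier in this archive. The function names, the temporary directory, the 2048-bit key size and the common name wapgw.example.invalid are assumptions.

```shell
#!/bin/sh
# Added example, not from the list or from Kannel. Paths and CN are constructed.

# make_wtls_material DIR CN: write DIR/private.pem and DIR/public.pem using the
# two openssl commands quoted in the thread. The key size is given explicitly
# and -subj keeps the run non-interactive; umask 077 keeps the key private.
make_wtls_material() (
    umask 077
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/private.pem" -out "$1/public.pem" \
        -days 365 -subj "/CN=$2" 2>/dev/null
)

# key_matches_cert KEY CERT: succeed only if CERT carries KEY's public half.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_wtls_material DIR: the checks worth running before starting the gateway.
check_wtls_material() {
    [ -r "$1/private.pem" ] && [ -r "$1/public.pem" ] ||
        { echo "missing file"; return 1; }
    key_matches_cert "$1/private.pem" "$1/public.pem" ||
        { echo "key does not match certificate"; return 1; }
    openssl x509 -in "$1/public.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired"; return 1; }
    echo "ok"
}

# wtls_group DIR: print the group with absolute paths, since relative ones are
# resolved against the directory kannel is started in (see the reply above).
# The key is unencrypted here, so no privatekey-password line is emitted.
wtls_group() {
    abs=$(cd "$1" && pwd) || return 1
    printf 'group = wtls\n'
    printf 'certificate-file = %s/public.pem\n' "$abs"
    printf 'privatekey-file = %s/private.pem\n' "$abs"
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_wtls_material "$demo_dir" wapgw.example.invalid &&
    check_wtls_material "$demo_dir" && wtls_group "$demo_dir"
```
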
Re: WTLS...
pls read the user guide before posting