Hi Ryan,
The tls certificates are provisioned in OpenSIPs via the tls_mgm module:
http://www.opensips.org/html/docs/modules/2.4.x/tls_mgm.html
The certs can be defined inline in cfg or via DB - see
http://www.opensips.org/html/docs/modules/2.4.x/tls_mgm.html#idp2796016
And this is the DB schema :
http://www.opensips.org/Documentation/Install-DBSchema-2-4#AEN9619
Best regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 08/01/2018 09:35 AM, Ryan Delgrosso wrote:
Hi Bogdan,
Can you point me at a link to how to provision a cert via db?
What happens to active TLS sessions if the cert is changed?
Thanks
-Ryan
On 7/26/2018 4:56 AM, Bogdan-Andrei Iancu wrote:
Hi John,
When the cert is configured via modparam, the cert is loaded on
startup by OpenSIPS, so any renewal of the cert will have 0 impact on
OpenSIPS - so you will have to restart after each renewal.
I suggest you to provision the certs via DB (and not script), so you
can do a reload after renewal, with any need to restart opensips.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
http://opensips.org/training/OpenSIPS_Bootcamp_2018/
On 07/25/2018 06:09 PM, John Quick wrote:
Does anyone have experience using LetsEncrypt certificates for tls
or wss in
OpenSIPS v2.4.x over a long enough period of time for the
certificate to be
renewed?
Does the OpenSIPS service need to be restarted after each certbot
renewal?
This happens about every 2 months.
I have configured opensips so the path in modparam("tls_mgm",
"certificate"
is "/etc/letsencrypt/live/<domain-name>/cert.pem"
This is actually a sym-link to the actual cert. It seems to work
okay, but
I'm wondering what will happen in two months' time when the cert is
renewed.
Thanks.
John Quick
Smartvox Limited
Web: www.smartvox.co.uk
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
