본문 바로가기
IT/IMS

CentOS 7, Kamailio TLS 설정

by SimpleWorld StoryFeed 2019. 12. 25.

CentOS 7, Kamailio TLS 설정

  • Kamailio TLS 사용 설정.
[root@kamailio kamailio]# ls
dictionary.kamailio  kamailio.cfg  kamailio.cfg.backup_1457  kamailio.cfg.org  kamailio.lua  kamctlrc  pi_framework.xml  tls.cfg
[root@kamailio kamailio]# cat kamailio.cfg | more
#!KAMAILIO
#!define WITH_MYSQL
#!define WITH_USRLOCDB
#!define WITH_NAT
#!define WITH_ACCDB
#!define WITH_DEBUG
#!define WITH_TLS

 

  • Kamailio TLS 인증서 생성.
/etc/kamailio/tls
openssl genrsa -out privkey.pem 2048
openssl req -new -key privkey.pem -out certreq.pem
openssl req -new -x509 -days 3650 -key privkey.pem -out ca.crt
openssl x509 -in ca.crt -out ca.pem -outform PEM
openssl x509 -req -CA ca.pem -CAkey privkey.pem -days 3650 -in certreq.pem -out server.pem -CAcreateserial
openssl req -newkey rsa:2048 -nodes -out client_req.pem -keyout client.key 
openssl x509 -req -CA ca.pem -CAkey privkey.pem -days 3650 -in client_req.pem -CAcreateserial -out client.pem

 

  • Kamailio tls.cfg 설정.
/etc/kamailio
[root@kamailio kamailio]# vi tls.cfg 

[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/tls/privkey.pem
certificate = /etc/kamailio/tls/server.pem
ca_list = /etc/kamailio/tls/ca.pem
#crl = /etc/kamailio/tls/crl.pem

[server:0.0.0.0:5061]
method = TLSv1
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/tls/privkey.pem
certificate = /etc/kamailio/tls/server.pem
ca_list = /etc/kamailio/tls/ca.pem
#crl = /etc/kamailio/tls/crl.pem
  • Kamailio 재시작
service kamailio restart

 

Client 확인.

[root@joey ~]# openssl s_client -connect {kamailio_ip}:5061 -state -tls1_2 -CAfile ca.pem -cert client.pem -key client.key -cipher DHE-RSA-AES256-SHA256
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:error in SSLv3 read server hello A
140647094953872:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1577174644
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
  • 네이버 블러그 공유하기
  • 페이스북 공유하기
  • 트위터 공유하기
  • 구글 플러스 공유하기
  • 카카오스토리 공유하기

댓글1