Brekeke Documents

Find user guides, developer guides, API references, tutorials, and more!

Brekeke SIP Server Wiki

  1. Brekeke SIP Server Basic Info
  2. Security
  3. Update & Upgrade
  4. Configuration
    1. Installation
    2. Basic Setup
    3. BSS Administration Tool
    4. Network Configuration
    5. Dial Plan
    6. Block List
    7. Provisioning
    8. Push Notification
    9. SDN
    10. STIR/SHAKEN
    11. Advanced Edition
    12. Other Functions
      1. Access Brekeke SIP Server Admintool from any computer
      2. Back-To-Back User Agent (B2BUA) Mode
      3. Billing feature
      4. Brekeke SIP Server back up
      5. Call to PSTN by Brekeke SIP Server
      6. Call transfer and voice message
      7. Check call status
      8. Compact Form with BSS
      9. Settings for Microsoft Lync or OCS
      10. Connect to Brekeke SIP Server Admintool with SSL
      11. Difference between RTP relay ON and AUTO
      12. Does Brekeke SIP Server support Video call?
      13. Change RTP buffer size for Video
      14. How to tune T1 timer
      15. IPv6
      16. Replace response code
      17. Use Microsoft SQL server
      18. Upper or Thru Registration
      19. log
      20. Monitoring Brekeke SIP Server with SNMP
      21. TCP or TLS with BSS
      22. Does Brekeke SIP Server support Path (RFC3327)?
      23. Does Brekeke SIP Server support Service-Route (RFC3608)?
      24. Set up Brekeke SIP Server to use WebSocket as SIP transport
      25. Management Command Reference
      26. Setup secure connections (TLS/WSS/HTTPS) with certificate
      27. Set up the email notifications at BSS
      28. Get free certificates from "Let's Encrypt"
    13. Third-Party Database
    14. Environment Variables
  5. Troubleshooting
  6. Developer's Guide
  7. Version History

Get free certificates from "Let's Encrypt"

What is “Let’s Encrypt”? 

Let’s Encrypt is a free, automated, and open Certificate Authority.
You can get a certificate (a type of file) from Let’s Encrypt(CA). However in order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain.

For detail, refer to the Let’s Encrypt official website.

How to use “Let’s Encrypt”?

Let’s Encrypt offers some method to get a certificate.

Here is an example of the method that uses client software of Let’s Encrypt.

What’s Required?

1. You need a domain. Here, as an example, domain is “example.brekeke.com“.

2. Access to TCP port 80 from Internet.

3. Web server runs with http protocol (TCP 80). In this example, you need to put any files under the “http://example.brekeke.com/” directory.

4. Install certbot. you can get from here (https://certbot.eff.org/) . Here, as an example, the certbot is installed into “/usr/local/bin/” directory.

 

Steps

Step 1. Log in web server with SSH

Step 2. Execute the following command to run a Certbot client with Manual option

# sudo /usr/local/bin/certbot-auto certonly --manual -d [Domain] -m [mail address]
Example 1 (RSA private key):
# sudo /usr/local/bin/certbot-auto certonly --manual -d example.brekeke.com -m mail@brekeke.com
Example 2 (ECDSA private key):
# sudo /usr/local/bin/certbot-auto certonly --key-type ecdsa --manual -d example.brekeke.com -m mail@brekeke.com

 

The dialog with TUI (Text User Interface) will be displayed.

 

Step 3. When the message “Are you OK with your IP being logged?” is displayed in the dialog, select “yes“.

Like the following example, The file and content that are needed for authentication are displayed.

Make sure your web server displays the following content at

http://example.brekeke.com/.well-known/acme-challenge/6BpLwE3bboPLg2XWIqDYA-ogAQMSaud9BTwMWrU92yw before continuing:

6BpLwE3bboPLg2XWIqDYA-ogAQMSaud9BTwMWrU92yw.-nf-U8XW0o296xhGfELwQ2f3yCHBpwG-r6dCBelhPLs

*Do NOT press the enter key even though the “Press ENTER to continue” message is shown.

 

Step 4. Copy the following displayed content and paste into a file.

Then put the file under the specified directory of the Web server.

In this example:

  URL: http://example.brekeke.com/.well-known/acme-challenge/6BpLwE3bboPLg2XWIqDYA-ogAQMSaud9BTwMWrU92yw

 Content: 6BpLwE3bboPLg2XWIqDYA-ogAQMSaud9BTwMWrU92yw.-nf-U8XW0o296xhGfELwQ2f3yCHBpwG-r6dCBelhPLs

 

Step 5. Check whether the file can be shown via internet with the URL(http://example.brekeke.com/.well-known/acme-challenge/6BpLwE3bboPLg2XWIqDYA-ogAQMSaud9BTwMWrU92yw).
Step 6. Press Enter key at the screen that shows “Press ENTER to continue” message.

Let’s Encrypt accesses to the address for authentication.

Step 7. If the following message appears, The process to get a certificate is completed.

Conguratulations! ...

Step 8. The certificate files are stored under the “/etc/letsencrypt/live/[Domain]/” directory.

  • Server certificate (public key) : cert.pem
  • Intermediate certificate : chain.pem
  • A file combining server certificate and intermediate certificate : fullchain.pem
  • Private key : privkey.pem

Step 9. Close TCP Port 80 that you opened for authentication procedure.

——————————————————————————————————————————-

Example: Converting the certificate files to the keystore (JKS) format that is used by Tomcat.

openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile chain.pem -out pkcs12.pfx -passout pass:changeit

keytool -importkeystore -srckeystore pkcs12.pfx -srcstoretype PKCS12 -srcstorepass changeit -destkeystore .keystore -deststoretype JKS -deststorepass changeit

 

Yes No
« Set up the email notifications at BSSThird-Party Database »
Suggest Edit