Brekeke Documents

Find user guides, developer guides, API references, tutorials, and more!

Brekeke SIP Server Wiki

  1. Brekeke SIP Server Basic Info
  2. Security
  3. Update & Upgrade
  4. Configuration
    1. Installation
    2. Basic Setup
    3. BSS Administration Tool
    4. Network Configuration
    5. Dial Plan
    6. Block List
    7. Provisioning
    8. Push Notification
    9. SDN
    10. STIR/SHAKEN
    11. Advanced Edition
      1. Alias function
      2. Call detailed records (CDR)
      3. Failover
      4. Load balancing by BSS
      5. RADIUS
      6. TLS
        1. Key and Certificate
        2. How to create a self-signed certificate using OpenSSL
        3. How to install a certificate chain
        4. Peer Certification Validation
        5. Environment Variables for TLS
        6. Monitoring and Diagnostic
        7. How to convert TLS to another transport protocol (UDP,TCP)
      7. SRTP Conversion
      8. Redundancy
      9. Brekeke Heartbeat Remote Access Setup
      10. Brekeke SIP Server Failure Notification
      11. Heavy loads alert with Brekeke Heartbeat
      12. Monitoring SIP Devices with Heartbeat
    12. Other Functions
    13. Third-Party Database
    14. Environment Variables
  5. Troubleshooting
  6. Developer's Guide
  7. Version History

How to create a self-signed certificate using OpenSSL

Note: If you use a Certificate Authority (CA) such as VeriSign, follow their instructions.

 

CREATE THE CERTIFICATION AUTHORITY (CA) CERTIFICATE

1. Generate the key for the CA certificate

openssl genrsa -des3 -out ca.key 2048

Enter an appropriate pass phrase.

2. Show the key

openssl rsa -noout -text -in ca.key

3. Compose the CA certificate from the key

openssl req -new -x509 -days 2555 -key ca.key -out ca.crt

Enter a certification authority name in [Common Name] (CN) field.
For example:  TEST-CA

4. Show the CA certificate

openssl x509 -noout -text -in ca.crt

 

CREATE THE SERVER CERTIFICATE

1. Generate the key for the server certificate

openssl genrsa -out server.key 2048

2. Show the key

openssl rsa -noout -text -in server.key

3. Compose the server certificate from the key

openssl req -new -key server.key -out server.csr

Enter a Brekeke SIP Server machine IP address or FQDN in [Common Name] (CN) field.
For example:  172.16.14.11
Note: Common Name (CN) must be different from the Certificate Authority (CA)’s CN.

4. Sign the server certificate with the CA certificate

openssl x509 -days 365 -CA ca.crt -CAkey ca.key -req -CAcreateserial -CAserial ca.srl -in server.csr -out server.crt

5. Show the server certificate

openssl x509 -noout -text -in server.crt

 

Related link:
Yes No
« Key and CertificateHow to install a certificate chain »
Suggest Edit