Using a self-signed certificate with FreeSWITCH

1. Generate a self-signed certificate with SSL-TOOLS

(1) Download ssl.ca-0.1.tar.gz

[root@localhost ~]# wget http://files.freeswitch.org/downloads/ssl.ca-0.1.tar.gz

(2) Extract ssl.ca-0.1.tar.gz

tar zxfv ssl.ca-0.1.tar.gz

(3) Run the following commands

[root@localhost software]# cd ssl.ca-0.1/
[root@localhost ssl.ca-0.1]# perl -i -pe 's/md5/sha1/g' *.sh
[root@localhost ssl.ca-0.1]# perl -i -pe 's/2048/2048/g' *.sh

(4) Generate the root certificate

[root@localhost ssl.ca-0.1]# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
.....................++++++
...............................................................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:  <- root certificate passphrase
Verifying - Enter pass phrase for ca.key:
Self-sign the root CA...
Enter pass phrase for ca.key:  <- root certificate passphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN  <- country
State or Province Name (full name) [Perak]:JIANGSU  <- province
Locality Name (eg, city) [Sitiawan]:NANJING  <- city
Organization Name (eg, company) [My Directory Sdn Bhd]:HY  <- company name
Organizational Unit Name (eg, section) [Certification Services Division]:HY  <- organizational unit name
Common Name (eg, MD Root CA) []:HY  <- common name
Email Address []:HY@163.com  <- email address
[root@localhost ssl.ca-0.1]#

When the script finishes, two files, ca.key and ca.crt, are created in the current directory.

(5) Generate a certificate for our server

[root@localhost ssl.ca-0.1]# ./new-server-cert.sh  server
Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:JIANGSU
Locality Name (eg, city) [Sitiawan]:NANJING
Organization Name (eg, company) [My Directory Sdn Bhd]:HY
Organizational Unit Name (eg, section) [Secure Web Server]:HY
Common Name (eg, www.domain.com) []:localhost  <- this can be replaced with a domain name
Email Address []:HY@163.com
You may now run ./sign-server-cert.sh to get it signed

When the script finishes, the two files server.csr and server.key have been created.

(6) Sign the certificate so that it takes effect

[root@localhost ssl.ca-0.1]# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'JIANGSU'
localityName          :PRINTABLE:'NANJING'
organizationName      :PRINTABLE:'HY'
organizationalUnitName:PRINTABLE:'HY'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'HY@163.com'
Certificate is to be certified until Nov  9 06:26:54 2019 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

When the script finishes, the server.crt file has been created.

Once all of the steps above are complete, you will see the following three files in the current directory

    [root@254 ssl.ca-0.1]# ll
    总用量 96
    -rw-r--r-- 1 root root   932 6月  25 09:44 ca.crt
    drwxr-xr-x 2 root root    20 6月  25 09:45 ca.db.certs
    -rw-r--r-- 1 root root    97 6月  25 09:45 ca.db.index
    -rw-r--r-- 1 root root    21 6月  25 09:45 ca.db.index.attr
    -rw-r--r-- 1 root root     3 6月  25 09:45 ca.db.serial
    -rw-r--r-- 1 root root   963 6月  25 09:43 ca.key
    -rw-r--r-- 1  500  500 17992 4月  24 2000 COPYING
    -rwxr-xr-x 1  500  500  1460 6月  25 09:43 new-root-ca.sh
    -rwxr-xr-x 1  500  500  1539 6月  25 09:43 new-server-cert.sh
    -rwxr-xr-x 1  500  500  1049 6月  25 09:43 new-user-cert.sh
    -rwxr-xr-x 1  500  500   984 6月  25 09:43 p12.sh
    -rw-r--r-- 1  500  500  1024 4月  23 2000 random-bits
    -rw-r--r-- 1  500  500 11503 4月  24 2000 README
    -rw-r--r-- 1 root root  3092 6月  25 09:45 server.crt   ---------->
    -rw-r--r-- 1 root root   737 6月  25 09:45 server.csr   ----------> these three files are the ones mainly used in the following steps
    -rw-r--r-- 1 root root   891 6月  25 09:44 server.key  ---------->
    -rwxr-xr-x 1  500  500  2080 6月  25 09:43 sign-server-cert.sh
    -rwxr-xr-x 1  500  500  1916 6月  25 09:43 sign-user-cert.sh
    -rw-r--r-- 1  500  500    50 4月  24 2000 VERSION

2. Replace the FreeSWITCH certificate (wss.pem)

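Now replace the certificate [remember to back up FreeSWITCH's existing certificate]. The directory below is where the author's wss.pem lives; work out the certificate location from where your own FreeSWITCH is installed, or use the find command to locate it.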

 [root@izwz9ixh3287isfn0r8cm6z ~]# find / -name wss.pem
 /usr/local/freeswitch/certs/wss.pem  -----> location of wss.pem
 [root@localhost ssl.ca-0.1]# cd /usr/local/server/software/ssl.ca-0.1
 [root@localhost ssl.ca-0.1]# cat server.crt server.key > /usr/local/freeswitch/certs/wss.pem
 [root@localhost ssl.ca-0.1]# cat /usr/local/freeswitch/certs/wss.pem
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
     Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=CN, ST=JIANGSU, L=NANJING, O=HY, OU=HY, CN=HY/emailAddress=HY@163,\x08\x1B[D\x1B[3~
         Validity
             Not Before: Nov  9 06:26:54 2018 GMT
             Not After : Nov  9 06:26:54 2019 GMT
         Subject: C=CN, ST=JIANGSU, L=NANJING, O=HY, OU=HY, CN=localhost/emailAddress=HY@163.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
                     ...
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Authority Key Identifier:
                 keyid:DD:66:29:32:E6:2E:98:ED:9A:39:89:C2:EF:07:5C:E3:6E:F9:63:B5
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
             X509v3 Basic Constraints: critical
                 CA:FALSE
     Signature Algorithm: sha1WithRSAEncryption
          ...
 -----BEGIN CERTIFICATE-----
 ...
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 ...
 -----END RSA PRIVATE KEY-----

(2) Modify the relevant FreeSWITCH configuration

  • Edit internal.xml
 [root@254 ssl.ca-0.1]# vim /usr/local/freeswitch/conf/sip_profiles/internal.xml
 Set wss-binding; the default is 7443 and it can be changed
 <param name="wss-binding" value=":7443"/>
 Run this command to see the port that WSS is bound to
 [root@254 ssl.ca-0.1]# fs_cli -x 'sofia status profile internal' | grep WSS-BIND-URL
 WSS-BIND-URL         sips:mod_sofia@192.168.0.254:7443;transport=wss
  • Edit vars.xml
 [root@254 ssl.ca-0.1]# vim /usr/local/freeswitch/conf/vars.xml
 Set the following parameters
 <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
 <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
After making these changes, restart FreeSWITCH and then run the following commands
 [root@localhost ssl.ca-0.1]# fs_cli
 ...  ...
 +OK log level  [7]
 freeswitch@localhost.localdomain> reloadxml
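
Added example (not part of the original post): a shell check for the wss.pem built above. The transcripts show a 1024-bit key signed with sha1WithRSAEncryption, and the second perl substitution replaces 2048 with itself, so it leaves the scripts' key size unchanged. The function names, the 2048-bit minimum and the 30-day expiry window are assumptions of this example.

```shell
#!/bin/sh
# Audit a FreeSWITCH wss.pem (certificate followed by its private key).
# Assumes an RSA key, as produced by the scripts used above.

# grade_params BITS SIGALG: print one finding per weak parameter.
grade_params() {
    [ "$1" -ge 2048 ] || echo "weak key: $1-bit RSA"
    case $2 in
        md5*|sha1*) echo "weak signature algorithm: $2" ;;
    esac
}

# audit_wss_pem FILE: print findings, one per line; no output means none.
audit_wss_pem() {
    pem=$1
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
        echo "no readable certificate"; return 0; }
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    grade_params "${bits:-0}" "$sig"
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend 2592000 >/dev/null 2>&1 ||
        echo "certificate expires within 30 days"
    # The key appended by the cat step must be this certificate's private half.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        echo "private key missing or does not match certificate"
}

# make_sample_pem BITS OUT: constructed sample input, a throwaway self-signed
# CN=localhost certificate with its key appended, like the cat step above.
make_sample_pem() {
    d=$(mktemp -d)
    openssl req -x509 -newkey "rsa:$1" -nodes -sha256 -days 365 \
        -subj "/CN=localhost" -keyout "$d/server.key" -out "$d/server.crt" \
        2>/dev/null
    cat "$d/server.crt" "$d/server.key" > "$2"
    rm -rf "$d"
}

# Audit the file given on the command line, if any.
if [ $# -gt 0 ]; then audit_wss_pem "$1"; fi
```

Saved to a file and run with the path to wss.pem as its argument, it prints one line per finding and nothing when all checks pass.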

Using the self-signed certificate in a web project


Here we need the three files generated earlier: server.crt, server.csr and server.key

1. Convert the self-signed certificate to tomcat.p12

 [root@localhost ssl.ca-0.1]# openssl pkcs12 -export -in /usr/local/server/software/ssl.ca-0.1/server.crt -inkey /usr/local/server/software/ssl.ca-0.1/server.key -out /usr/local/server/software/ssl.ca-0.1/tomcat.p12

2. Reference the keystore in the Spring Boot project to serve HTTPS

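 # Certificate path; place the file according to your environment (absolute path). It can also be placed inside the project; search Baidu for how to do that
 server.ssl.key-store=/usr/local/server/tomcat.p12
 # Keystore password
 server.ssl.key-store-password=111111
 server.ssl.keyStoreType=PKCS12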

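This section covered how to configure HTTPS for FreeSWITCH with a self-signed certificate. The next section will explain how to combine it with SIP.JS to build a softphone.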


## Reference: https://blog.csdn.net/u013944791/article/details/73551253
## Reference: https://blog.csdn.net/medivhq/article/details/51188242
## Reference: https://freeswitch.org/confluence/display/FREESWITCH/WebRTC#WebRTC-InstallCertificates
