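FreeSWITCH (CentOS 7.0) + WebRTC (web) + landline calling: complete version with SSL certificates


Preface

Note: My company recently had me set up FreeSWITCH with web-based calling to landline phones. I found a lot of material online, but it was fairly disorganized. It took me 4 days to finally get it built, and it passed SSL authentication, called the landline, and the audio could be heard.
I solemnly promise to help everyone avoid detours and go straight to the practical content. I have been working in operations for 2 years. Fellow practitioners who have questions and want to consult me can add me on WeChat: Z958726169

1. Installing FreeSWITCH. Installing with the stock CentOS 7 yum repositories is rather slow; I recommend switching the yum source, which is much faster. Mine was 3 hours faster. The yum source (CentOS-Base.repo):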

[base]
name=CentOS-$releasever - Base
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-7

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-7

2. Install the dependencies first

1. yum install -y http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm epel-release
2. yum install -y git alsa-lib-devel autoconf automake bison broadvoice-devel bzip2 curl-devel libdb4-devel e2fsprogs-devel erlang flite-devel g722_1-devel gcc-c++ gdbm-devel gnutls-devel ilbc2-devel ldns-devel libcodec2-devel libcurl-devel libedit-devel libidn-devel libjpeg-devel libmemcached-devel libogg-devel libsilk-devel libsndfile-devel libtheora-devel libtiff-devel libtool libuuid-devel libvorbis-devel libxml2-devel lua-devel lzo-devel mongo-c-driver-devel ncurses-devel net-snmp-devel openssl-devel opus-devel pcre-devel perl perl-ExtUtils-Embed pkgconfig portaudio-devel postgresql-devel python-devel python-devel soundtouch-devel speex-devel sqlite-devel unbound-devel unixODBC-devel wget which yasm zlib-devel libshout-devel libmpg123-devel lame-devel

3. Download the source code

1. cd /usr/local/src

2. git clone -b v1.6 https://git.oschina.net/nwaycn/freeswitch.git freeswitch

4. Build and install

cd /usr/local/src/freeswitch
./bootstrap.sh -j
./configure 
make
make -j install
make -j cd-sounds-install
make -j cd-moh-install

5. Result

Type freeswitch; if you type freeswitch

FreeSWITCH started successfully

6. Configure WebRTC: download the sipml5 package from the internet

git clone https://github.com/DoubangoTelecom/sipml5

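It needs to be deployed on the Linux server, so we need to install Tomcat 7 and JDK 1.7 and configure the environment variables. I won't go into detail here on how to install and configure them; there are many tutorials online.

Once the environment is configured, copy the entire directory into Tomcat's webapps directory.

Start FreeSWITCH and Tomcat.

Open the page: http://SERVER_IP:8080/sipml5/expert.htm

My package is named sipml5-master.

Both my browser and Tomcat have the SSL certificate installed, so I can call the landline directly. If yours uses HTTP, clicking Call gets no response.

Expert mode needs to be configured first.

Once expert mode is configured you can connect and log in, and after logging in successfully you can make calls. If everything is normal it shows that the call is in progress. After the landline phone registers as 1002, dial 1002 and you can hear the audio.

The following covers the registration, download, import and configuration of the three certificates.

Using a self-signed certificate with FreeSWITCH and configuring WSS

1. Generate a self-signed certificate with SSL-TOOLS

2. Download ssl.ca-0.1.tar.gz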

[root@localhost ~]# wget http://files.freeswitch.org/downloads/ssl.ca-0.1.tar.gz

3. Extract ssl.ca-0.1.tar.gz

tar zxfv ssl.ca-0.1.tar.gz

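4. Run the following commands (they change the digest and the RSA key size that the scripts use)

1. [root@localhost software]# cd ssl.ca-0.1/
2. [root@localhost ssl.ca-0.1]# perl -i -pe 's/md5/sha1/g' *.sh
3. [root@localhost ssl.ca-0.1]# perl -i -pe 's/1024/2048/g' *.sh

5. Generate the root certificate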

[root@localhost ssl.ca-0.1]# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
.....................++++++
...............................................................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:  (root certificate passphrase)
Verifying - Enter pass phrase for ca.key:
Self-sign the root CA...
Enter pass phrase for ca.key:  (root certificate passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN  (country)
State or Province Name (full name) [Perak]:JIANGSU  (province)
Locality Name (eg, city) [Sitiawan]:NANJING  (city)
Organization Name (eg, company) [My Directory Sdn Bhd]:HY  (company name)
Organizational Unit Name (eg, section) [Certification Services Division]:HY  (organizational unit name)
Common Name (eg, MD Root CA) []:HY  (common name)
Email Address []:HY@163.com  (email address)
[root@localhost ssl.ca-0.1]#

When it finishes, the two files ca.key and ca.crt are generated in the current directory.

6. Generate a certificate for our server

[root@localhost ssl.ca-0.1]# ./new-server-cert.sh  server
Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:JIANGSU
Locality Name (eg, city) [Sitiawan]:NANJING
Organization Name (eg, company) [My Directory Sdn Bhd]:HY
Organizational Unit Name (eg, section) [Secure Web Server]:HY
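Common Name (eg, www.domain.com) []:localhost  (can be replaced with a domain name)
Email Address []:HY@163.com
You may now run ./sign-server-cert.sh to get it signed

When it finishes, the two files server.csr and server.key have been generated.

7. Sign the certificate so that it takes effect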

[root@localhost ssl.ca-0.1]# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'JIANGSU'
localityName          :PRINTABLE:'NANJING'
organizationName      :PRINTABLE:'HY'
organizationalUnitName:PRINTABLE:'HY'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'HY@163.com'
Certificate is to be certified until Nov  9 06:26:54 2019 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

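When it finishes, the file server.crt has been generated.

After the steps above are complete, you will see the following three files in the current directory: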

[root@254 ssl.ca-0.1]# ll
总用量 96
-rw-r--r-- 1 root root   932 6月  25 09:44 ca.crt
drwxr-xr-x 2 root root    20 6月  25 09:45 ca.db.certs
-rw-r--r-- 1 root root    97 6月  25 09:45 ca.db.index
-rw-r--r-- 1 root root    21 6月  25 09:45 ca.db.index.attr
-rw-r--r-- 1 root root     3 6月  25 09:45 ca.db.serial
-rw-r--r-- 1 root root   963 6月  25 09:43 ca.key
-rw-r--r-- 1  500  500 17992 4月  24 2000 COPYING
-rwxr-xr-x 1  500  500  1460 6月  25 09:43 new-root-ca.sh
-rwxr-xr-x 1  500  500  1539 6月  25 09:43 new-server-cert.sh
-rwxr-xr-x 1  500  500  1049 6月  25 09:43 new-user-cert.sh
-rwxr-xr-x 1  500  500   984 6月  25 09:43 p12.sh
-rw-r--r-- 1  500  500  1024 4月  23 2000 random-bits
-rw-r--r-- 1  500  500 11503 4月  24 2000 README
-rw-r--r-- 1 root root  3092 6月  25 09:45 server.crt  ---------->
-rw-r--r-- 1 root root   737 6月  25 09:45 server.csr  ----------> these three files are the ones mainly used in the following steps
-rw-r--r-- 1 root root   891 6月  25 09:44 server.key  ---------->
-rwxr-xr-x 1  500  500  2080 6月  25 09:43 sign-server-cert.sh
-rwxr-xr-x 1  500  500  1916 6月  25 09:43 sign-user-cert.sh
-rw-r--r-- 1  500  500    50 4月  24 2000 VERSION

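8. Replace FreeSWITCH's certificate (wss.pem)

Now replace the certificate [be sure to back up FreeSWITCH's existing certificate]. Below is the directory where my wss.pem is located; determine the certificate location from your own FreeSWITCH installation directory, or use the find command to locate it.

[root@izwz9ixh3287isfn0r8cm6z ~]# find / -name wss.pem
/usr/local/freeswitch/certs/wss.pem  -----> location of wss.pem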
[root@localhost ssl.ca-0.1]# cd /usr/local/server/software/ssl.ca-0.1
[root@localhost ssl.ca-0.1]# cat server.crt server.key > /usr/local/freeswitch/certs/wss.pem
[root@localhost ssl.ca-0.1]# cat /usr/local/freeswitch/certs/wss.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=JIANGSU, L=NANJING, O=HY, OU=HY, CN=HY/emailAddress=HY@163,\x08\x1B[D\x1B[3~
        Validity
            Not Before: Nov  9 06:26:54 2018 GMT
            Not After : Nov  9 06:26:54 2019 GMT
        Subject: C=CN, ST=JIANGSU, L=NANJING, O=HY, OU=HY, CN=localhost/emailAddress=HY@163.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:DD:66:29:32:E6:2E:98:ED:9A:39:89:C2:EF:07:5C:E3:6E:F9:63:B5
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
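The listing after step 7 shows ca.key and server.key as world-readable (-rw-r--r--), and step 8 copies the server key into wss.pem, whose name does not reveal that it holds a key. The following is an added example, not part of the original post: it finds files that contain a PEM private key and are readable by group or others, then restricts them to the owner. The function names and the demo directory are hypothetical, and it assumes FreeSWITCH runs as the user that owns the files.

```shell
#!/bin/sh
# Added example: locate PEM files that hold a private key and are readable
# by group or others. Matching is done on file content, so wss.pem is caught
# even though its name does not end in .key. All names are hypothetical.

# find_exposed_keys DIR: print the path of every such file under DIR.
find_exposed_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -e '-----BEGIN.*PRIVATE KEY-----' {} + 2>/dev/null | sort
}

# lock_down_keys DIR: restrict each exposed file to its owner and report it.
# Assumption: the service reading the key runs as the file's owner.
lock_down_keys() {
    find_exposed_keys "$1" | while IFS= read -r f; do
        chmod 600 "$f" && echo "chmod 600 $f"
    done
}

# make_demo_certs: build a constructed directory that mirrors the files from
# steps 7 and 8 (placeholder contents, not real key material).
make_demo_certs() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/server.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key"
    cat "$d/server.crt" "$d/server.key" > "$d/wss.pem"
    chmod 644 "$d/server.crt" "$d/server.key" "$d/wss.pem"
    echo "$d"
}

# Demo run on the constructed directory.
demo=$(make_demo_certs)
find_exposed_keys "$demo"
lock_down_keys "$demo"
rm -rf "$demo"
```

On the server from this walkthrough the directories to check would be the ssl.ca-0.1 working directory and /usr/local/freeswitch/certs.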

9. Modify the relevant FreeSWITCH configuration

Edit internal.xml

[root@254 ssl.ca-0.1]# vim /usr/local/freeswitch/conf/sip_profiles/internal.xml
Set wss-binding; the default is 7443 and it can be changed:
<param name="wss-binding" value=":7443"/>
Run this command to see the port that WSS is bound to:
[root@254 ssl.ca-0.1]# fs_cli -x 'sofia status profile internal' | grep WSS-BIND-URL
WSS-BIND-URL      sips:mod_sofia@192.168.0.254:7443;transport=wss

Edit vars.xml

[root@254 ssl.ca-0.1]# vim /usr/local/freeswitch/conf/vars.xml
Set the following parameters:
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
After making the changes, restart FreeSWITCH and then run the following commands:
[root@localhost ssl.ca-0.1]# fs_cli
... ...
+OK log level  [7]
freeswitch@localhost.localdomain> reloadxml

10. Use the self-signed certificate in the web project

[root@localhost ssl.ca-0.1]# openssl pkcs12 -export -in /usr/local/server/software/ssl.ca-0.1/server.crt -inkey /usr/local/server/software/ssl.ca-0.1/server.key -out /usr/local/server/software/ssl.ca-0.1/tomcat.p12

11. The definitive way to generate a certificate with OpenSSL that the Chrome browser recognizes as secure

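Download a build of OpenSSL for Windows.

Download URL: http://slproweb.com/products/Win32OpenSSL.html

My computer is 64-bit, so I chose to download OpenSSL 1.0.2t Light (64-bit).

Install it to the default location; no extra settings are needed.

12. Generate the certificate

Run cmd as administrator and generate the certificate.

My computer has only one drive, so I first changed to the C: drive and then ran the commands. In other words, wherever you run the commands is the output path.

The complete process is shown in the figure below.

The complete code block follows: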

c:\>openssl genrsa -out 136zhengshu.key 2048
Generating RSA private key, 2048 bit long modulus
................................................+++++
.....+++++
e is 65537 (0x10001)
 
c:\>openssl req -new -key 136zhengshu.key -out 136zhengshu.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:EsriChina
Organizational Unit Name (eg, section) []:Esrichina
Common Name (e.g. server FQDN or YOUR name) []:192.168.100.136
Email Address []:aoj@esrichina.com.cn
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:esrichina
 
c:\>echo subjectAltName=IP:192.168.100.136,DNS:win136.esrichina.com >cert_extensions
 
c:\>openssl x509 -req -sha256 -in 136zhengshu.csr -signkey 136zhengshu.key -extfile cert_extensions -out 136zhengshu.crt -days 3650
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=EsriChina/OU=Esrichina/CN=192.168.100.136/emailAddress=aoj@esrichina.com.cn
Getting Private key
 
 
 
c:\>openssl pkcs12 -inkey 136zhengshu.key -in 136zhengshu.crt -export -out 136zhengshu.pfx
Enter Export Password:
Verifying - Enter Export Password:
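The wss.pem dump in step 8 shows a 1024-bit key signed with sha1WithRSAEncryption and no Subject Alternative Name, while step 12 adds subjectAltName through cert_extensions so that Chrome accepts the certificate. The following added example (not from the original post) checks the text form of a certificate for those three properties and for the host name the browser will use; the function name, the finding labels and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `openssl x509 -noout -text` output for the properties
# that make browsers reject a certificate. All names here are hypothetical.

# Constructed sample modelled on the wss.pem dump in step 8.
STEP8_DUMP='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject: C=CN, ST=JIANGSU, L=NANJING, O=HY, OU=HY, CN=localhost
                Public-Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE'

# Constructed sample of what the certificate from step 12 would show.
STEP12_DUMP='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject: C=CN, ST=Beijing, L=Beijing, O=EsriChina, CN=192.168.100.136
                Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:192.168.100.136, DNS:win136.esrichina.com'

# audit_cert_text HOST: read a certificate dump on stdin and print one
# finding per line; prints nothing when every check passes.
audit_cert_text() {
    host=$1
    text=$(cat)
    # "Public-Key: (1024 bit)" -> 1024
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_KEY ${bits}-bit"
    fi
    sig=$(printf '%s\n' "$text" |
        sed -n 's/.*Signature Algorithm: *\([A-Za-z0-9-]*\).*/\1/p' | head -n 1)
    case $sig in
        md5*|sha1*|*MD5*|*SHA1*) echo "WEAK_SIGNATURE $sig" ;;
    esac
    # The SAN entries are on the line after the extension header.
    san=$(printf '%s\n' "$text" |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^[[:space:]]*//')
    if [ -z "$san" ]; then
        echo "NO_SAN"
    elif ! printf '%s\n' "$san" |
            grep -Fxq -e "DNS:$host" -e "IP Address:$host"; then
        echo "HOST_NOT_IN_SAN $host"
    fi
}

# Demo: the step 8 certificate checked against the WSS bind address.
printf '%s\n' "$STEP8_DUMP" | audit_cert_text 192.168.0.254
```

Against a real file, pipe in `openssl x509 -in /usr/local/freeswitch/certs/wss.pem -noout -text` and pass the address that clients type into the browser.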

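The generated files are as follows:

13. Import the certificate into the client browser in cer format (required)

14. Importing the certificate into Tomcat and configuring it

Download the Tomcat version of the certificate from the certificate issuer. It is usually a zip archive; after extracting it there are two files (the certificate ending in *.pfx, and the certificate password in *password.txt).

Upload the pfx file to the Linux server.

Switch to the root user and save the certificate file in a fixed location; I saved it in the usr/local/tomcat/conf directory.

Edit the configuration file server.xml

After sslProtocol="TLS", add keystoreFile="/usr/local/tomcat/tomcat7/conf/136zhengshu.pfx" keystorePass="1234"

Restart Tomcat, then visit https://192.168.0.161:8443/sipml5-master/call.htm# in the browser and calls work normally.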
