Hi Atul, It seems x509 only displays the first certificate in the file. If you use the concatenated CA file with PJSIP, does it work as expected? Bill On 10/6/2014 2:00 PM, Atul Thosar wrote: > Hi Bill, > Thanks for the response. I understood CA file is used to verify server > certificate. I have two separate installations of FreeSwitch PBXs on > separate machines and two CA files are generated. With PJSIP, we have > only one option to specify CA file (--tls-ca-file). Therefore I wonder > how should I merge these two CA files. I do not get any help on this. > Any further pointers on this? Please correct if I am missing anything > here. > > Btw > I simple concatenate two CA files into one and with following command, > > $ > openssl x509 -noout -inform pem -text -in <combined CA file> > > it only shows information of 1st certificate. > > I am not getting this exactly. Could anyone please clarify/correct me? > > -- > Thanks, > > Atul Thosar > > > > On 22 September 2014 20:19, Bill Gardner <billg at wavearts.com > <mailto:billg at wavearts.com>> wrote: > > Hi Atul, > > You can't specify separate certificate authority files per > account, I don't understand why you would want this. But you can > put multiple certificates in the CA file. A typical CA file would > have a dozen or so trusted authority certificates. > > Regards, > > Bill > > > > On 9/22/2014 8:09 AM, Atul Thosar wrote: >> Hi All, >> I am using PJSIP as SIP client and trying to enable TLS/SRTP >> support in PJSIP. >> >> I have observed, there is only one config option to specify root >> certificate (--tls-ca-file). I want to provide separate root >> certificate for each account configured. How could we achieve >> this with single --tls-ca-file option? >> >> I went through related wiki links >> "https://trac.pjsip.org/repos/wiki/TLS"; and >> "http://trac.pjsip.org/repos/wiki/SRTP";, but could not get it >> exactly. >> >> Any pointers on this would be great help. >> >> -- >> Thanks, >> Atul Thosar >> >> >> >> _______________________________________________ >> Visit our blog:http://blog.pjsip.org >> >> pjsip mailing list >> pjsip at lists.pjsip.org <mailto:pjsip at lists.pjsip.org> >> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org <mailto:pjsip at lists.pjsip.org> > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20141006/a449d7f0/attachment.html>
