1
|
#
|
2
|
# $Id$
|
3
|
#
|
4
|
# Example Kamailio TLS Configuration File
|
5
|
#
|
6
|
|
7
|
# This is the default server domain, settings
|
8
|
# in this domain will be used for all incoming
|
9
|
# connections that do not match any other server
|
10
|
# domain in this configuration file.
|
11
|
#
|
12
|
# We do not enable anything else than TLSv1
|
13
|
# over the public internet. Clients do not have
|
14
|
# to present client certificates by default.
|
15
|
#
|
16
|
[server:default]
|
17
|
method = TLSv1
|
18
|
verify_certificate = no
|
19
|
require_certificate = no
|
20
|
private_key = /etc/letsencrypt/live/do4.callcenterflex.com.br/privkey.pem
|
21
|
certificate = /etc/letsencrypt/live/do4.callcenterflex.com.br/cert.pem
|
22
|
|
23
|
#ca_list = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
24
|
#ca_list = /etc/ssl/certs/ca-bundle.crt
|
25
|
#crl = ./modules/tls/crl.pem
|
26
|
|
27
|
# This is the default client domain, settings
|
28
|
# in this domain will be used for all outgoing
|
29
|
# TLS connections that do not match any other
|
30
|
# client domain in this configuration file.
|
31
|
# We require that servers present valid certificate.
|
32
|
#
|
33
|
[client:default]
|
34
|
verify_certificate = no
|
35
|
require_certificate = no
|
36
|
|
37
|
# This is an example server domain for TLS connections
|
38
|
# received from the loopback interface. We allow
|
39
|
# the use of SSLv2 and SSLv3 protocols here, we do
|
40
|
# not require that clients present client certificates
|
41
|
# but if they present it it must be valid. We also use
|
42
|
# a special certificate and CA list for loopback
|
43
|
# interface.
|
44
|
#
|
45
|
#[server:127.0.0.1:5061]
|
46
|
#method = SSLv23
|
47
|
#verify_certificate = yes
|
48
|
#require_certificate = no
|
49
|
#private_key = ./modules/tls/local_key.pem
|
50
|
#certificate = ./modules/tls/local_cert.pem
|
51
|
#verify_depth = 3
|
52
|
#ca_list = local_ca.pem
|
53
|
#crl = local_crl.pem
|
54
|
|
55
|
# Special settings for the iptel.org public SIP
|
56
|
# server. We do not verify the certificate of the
|
57
|
# server because it can be expired. The server
|
58
|
# implements authentication using SSL client
|
59
|
# certificates so configure the client certificate
|
60
|
# that was given to use by iptel.org staff here.
|
61
|
#
|
62
|
#[client:195.37.77.101:5061]
|
63
|
#verify_certificate = no
|
64
|
#certificate = ./modules/tls/iptel_client.pem
|
65
|
#private_key = ./modules/tls/iptel_key.pem
|
66
|
#ca_list = ./modules/tls/iptel_ca.pem
|
67
|
#crl = ./modules/tls/iptel_crl.pem
|