...
- If TLS support is not included in your installation, get OpenSER 1.2 with TLS. This example uses the source code at
http://www.openser.org/pub/openser/latest/src/openser-1.2.0-tls_src.tar.gz - Carefully observe the installation notes:
http://www.openser.org/mos/view/-OpenSER-Installation-Notes/ - Either you enforce to use user accounts or you have
- Special care should be taken to install the packages:
- mysql-server
- libmysqlclient-dev
- libssl0.9.8-dev
- Make sure you build openser including TLS. There are several options, like changing the line in the makefile to the following:
TLS=1
and that you include mysql support:
make all include_modules="mysql"
make installNote title Note: file locations differ Note that the compiled version puts openser in different directory compared to the openser package. The config file is in
/usr/local/etc/openser/openser.cfg
and the modules are in
/usr/local/lib/openser/modules
and the certificate information is in
/usr/local/etc/openser/tls/user - run mysqldb.sh to create the database
- add the certificate chain of domainA and domainB in PEM format to the CA list file in
/usr/local/etc/openser/user/user-calist.pem
You can open the file in a text editor and add the certificate string at the end of the file. - put the private key and public key of the server certificate in
/usr/local/etc/openser/tls/user/user_privkey.pem and
/usr/local/etc/openser/tls/user/user_cert.pem
(you're free to choose file names and locations, these are the config defaults)
...