1

I'd like to know if it is possible to configure a certificate for wss when using restcomm sipservlets with a keystoretype PKCS12

I found this post: SIPML 5 Client and SipServlets not works Using WSS

and looked to modify the suggestion to :

gov.nist.javax.sip.TLS_CLIENT_AUTH_TYPE=Disabled
javax.net.ssl.keystoreFile="conf/STAR_domain.pfx"
javax.net.ssl.keyStorePassword="pkcspass"
javax.net.ssl.keystoreType="PKCS12"

my connector config:

     <Connector port="10443" 
     ipAddress = "ip.address"
     protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
     signalingTransport="wss"/>

When opening a socket to this port I don't get a server hello. Meaning the cert wasn't loaded?

Community
  • 1
  • 1
100_Trying
  • 69
  • 6

1 Answers1

1

Please Read and follow the steps at http://docs.telestax.com/sip-servlets-security/

jeand
  • 2,325
  • 14
  • 12
  • Jean, I got to 7.2.3 I was able to enable https using the keystore/JSK file and the cert is offered during the connection. As far as the wss connector goes I cannot open socket nor does the documentation define where the wss certificate is defined. I am using restcomm-sip-servlets-4.0.75-apache-tomcat-8.0.26 and the location is under conf/server.xml am I missing something? – 100_Trying May 05 '16 at 21:34
  • You configured the HTTPs connector with the certificate information, you need to do the same thing for the WSS connector. Unfortunately the configuration for that is located at the SIP Stack level, so you need to edit your conf/mss-sip-stack.properties and add gov.nist.javax.sip.TLS_CLIENT_AUTH_TYPE=Disabled javax.net.ssl.keyStore=$TRUSTSTORE_FILE javax.net.ssl.keyStorePassword=$TRUSTSTORE_PASSWORD javax.net.ssl.trustStorePassword=$TRUSTSTORE_PASSWORD javax.net.ssl.trustStore=$TRUSTSTORE_FILE javax.net.ssl.keyStoreType=JKS – jeand May 06 '16 at 09:12
  • It would make sense to look at the logs and see if there is any exception as well. – jeand May 06 '16 at 09:12
  • 1
    Thank you for your guidance Jean. Here are my configs in anyone needs a reference javax.net.ssl.keyStore=////etc/restcomm-sip-servlets-4.0.75-apache-tomcat-8.0.26/conf/myserver.jks javax.net.ssl.keyStorePassword=12345 javax.net.ssl.trustStorePassword=67890 javax.net.ssl.trustStore=/usr/lib/jvm/jre/lib/security/truststore.ts javax.net.ssl.keyStoreType=JKS Take note that unlike the server.xml connector the path here does not have to be in quotes. – 100_Trying May 06 '16 at 19:45
  • Thanks for posting the final solution for others reference @100_Trying – jeand May 06 '16 at 20:44