diff options
| author | David Vossel <dvossel@digium.com> | 2009-04-24 21:22:31 +0000 |
|---|---|---|
| committer | David Vossel <dvossel@digium.com> | 2009-04-24 21:22:31 +0000 |
| commit | 8f0b88c8c86182565c7c6a20c1f0cb3df973474d (patch) | |
| tree | c2829c1079c16807c9e5e9958eb3fdf96d9a25f6 /configs/http.conf.sample | |
| parent | c95c0659030ba98dc2720df029f289ccdd545249 (diff) | |
TLS/SSL private key option
Adds option to specify a private key .pem file when configuring TLS or SSL in AMI, HTTP, and SIP. Before this, the certificate file was used for both the public and private key. It is possible for this file to hold both, but most configurations allow for a separate private key file to be specified. Clarified in .conf files how these options are to be used. The current conf files do not explain how the private key is handled at all, so without knowledge of Asterisk's TLS implementation, it would be hard to know for sure what was going on or how to set it up.
Review: http://reviewboard.digium.com/r/234/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@190545 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'configs/http.conf.sample')
| -rw-r--r-- | configs/http.conf.sample | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/configs/http.conf.sample b/configs/http.conf.sample index f15c9cf72..9d3769712 100644 --- a/configs/http.conf.sample +++ b/configs/http.conf.sample @@ -52,12 +52,16 @@ bindaddr=127.0.0.1 ; sslbindport=4433 ; port to use - default is 8089 ; sslbindaddr=0.0.0.0 ; address to bind to - default is bindaddr. ; -; sslcert=/tmp/foo.pem ; path to the certificate ; -; To produce a certificate you can e.g. use openssl -; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem +; sslcert=</path/to/certificate.pem> ; path to the certificate file (*.pem) only. +; sslprivatekey=</path/to/private.pem> ; path to private key file (*.pem) only. +; If no path is given for sslcert or sslprivatekey, default is to look in current +; directory. If no sslprivatekey is given, default is to search sslcert for private key. +; +; To produce a certificate you can e.g. use openssl. This places both the cert and +; private in same .pem file. +; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem ; - ; The post_mappings section maps URLs to real paths on the filesystem. If a ; POST is done from within an authenticated manager session to one of the ; configured POST mappings, then any files in the POST will be placed in the |