Certificate Authority

This site runs its own certificate authority for the purpose of client and server authentication using TLS/SSL. At the moment certificates generated by the certificate authority are used to secure the web server (most pages on the web server are also available through HTTPS), in the future we will also configure our SIP servers to use TLS and issue client certificates that can be used in SIP user agents.

How to apply for a certificate

1. Generate a private key and keep it secret:

   $ openssl genrsa -out client.key 1024 $ chmod 400 client.key      

2. Generate certificate signing request:

   $ openssl req -new -nodes -key client.key -out client.csr      

3. Send client.csr file by email to ca@iptel.org along with description of intended use. You will get the certificate back signed by the iptel.org certificate authority.

You can then import the certificate and key into your SIP UA/email client/web browser. The certificate will send you the certificate in PEM format.

Converting to PKCS#12 format

Some applications (mozilla, thunderbird) can only import certificates in PKCS#12 format. To convert the certificate from PEM format to PKCS#12 format do the following (note that you need to have the iptel.org CA certificate saved in file iptel.org-ca.pem):

$ openssl pkcs12 -export -in client-cert.pem -inkey client.key -certfile iptel.org-ca.pem \                  -name "My certificate" -out client-cert.p12 

Certificate of iptel.org Certificate Authority

You can import the certificate below into your web browser. This will avoid the annoying warning when you access to the web pages using HTTPS.

-----BEGIN CERTIFICATE----- MIIDmDCCAwGgAwIBAgIJAKc3PcvJ6OQCMA0GCSqGSIb3DQEBBAUAMHgxCzAJBgNV BAYTAkRFMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ8wDQYDVQQHEwZCZXJsaW4xEjAQ BgNVBAoTCWlwdGVsLm9yZzESMBAGA1UEAxMJaXB0ZWwub3JnMRswGQYJKoZIhvcN AQkBFgxjYUBpcHRlbC5vcmcwHhcNMDYwMjAyMjA1MDE3WhcNMTYwMTMxMjA1MDE3 WjB4MQswCQYDVQQGEwJERTETMBEGA1UECBMKU29tZS1TdGF0ZTEPMA0GA1UEBxMG QmVybGluMRIwEAYDVQQKEwlpcHRlbC5vcmcxEjAQBgNVBAMTCWlwdGVsLm9yZzEb MBkGCSqGSIb3DQEJARYMY2FAaXB0ZWwub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQCkVx0OPGGYS5wbRQZiWP8CtofU5V+S/dth3iL0YeGP1cIxfWKR5cfe 5PZFwZwMyQDSD3PVBcLrgWcJjohf7Oh82litUNm5jXpgfASHkYcPMyYm30eHyJdG If6FU1QMJtM0AWQNCO0e6JrqwEYgXCRvE2VMMZNSOPjSutCyN8HzTwIDAQABo4IB KDCCASQwHQYDVR0OBBYEFGIspVWBSLOqS3rfKFxecNWCXeC2MIGqBgNVHSMEgaIw gZ+AFGIspVWBSLOqS3rfKFxecNWCXeC2oXykejB4MQswCQYDVQQGEwJERTETMBEG A1UECBMKU29tZS1TdGF0ZTEPMA0GA1UEBxMGQmVybGluMRIwEAYDVQQKEwlpcHRl bC5vcmcxEjAQBgNVBAMTCWlwdGVsLm9yZzEbMBkGCSqGSIb3DQEJARYMY2FAaXB0 ZWwub3JnggkApzc9y8no5AIwDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhCAQEE BAMCAQYwCQYDVR0SBAIwADAXBgNVHREEEDAOgQxjYUBpcHRlbC5vcmcwDgYDVR0P AQH/BAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAG3yOzfRx6GrMK0y6iy4/NBbnGUa uoZaS7rzuo2NRdcM+l111XtriuxXjFasRY4kiFtqaeTabmedK7W4BcVRAS5CCkgE iAnHV+kezjtLvwdxInCYJyg/m1Tc68GZpVMHLmBuRA7HsQDKStsSuryFs9+KC65b kHlC+hQBFUpp/WzB -----END CERTIFICATE----- 

CA Certificate Fingerprints

SHA1 Fingerprint: AC:FC:29:78:C2:94:BA:50:E1:C8:2A:8E:CD:8D:BB5:C0:D0:60:12:66
MD5 Fingerprint: D6:2A:8E:83:FF:87:89:05:A6:95:F2:38:C5:19:EC:53

Attachment	Size
iptel.org-ca.pem	1.28 KB