Hi Iñaki,

This is the exact problem. If the server only uses domain-based TLS certificates, SIP clients which have used an IP address to reach the server don't accept that certificate and the TLS binding fails. I was just trying to find out if there is any mechanism where multiple identities of the server can be sent in the certificate, and subjectAltName should resolve this....

Best Regards,
Vivek Batra

-----Original Message-----
From: sip-implementors-boun...@lists.cs.columbia.edu [mailto:sip-implementors-boun...@lists.cs.columbia.edu] On Behalf Of Iñaki Baz Castillo
Sent: Monday, June 13, 2011 7:25 PM
To: Vivek Batra
Cc: sip-implementors@lists.cs.columbia.edu
Subject: [Spam] :Re: [Sip-implementors] CN field in Server Certificate during SIP TLS call when server is connected behind the NAT router

2011/6/13 Vivek Batra <vivek.ba...@matrixcomsec.com>:
> However, when the IP-PBX is connected behind the NAT router with a private IP
> address assigned on its Ethernet interface (SIP clients on the public network
> can reach the IP-PBX through port forwarding), the X-Lite softphone sends the
> TLS binding request to the public interface of the router and the router forwards
> this TLS binding request to the IP-PBX connected behind it (port forwarding is
> enabled in the router). As a result, the IP-PBX returns a server certificate with
> the CN field set to its private IP address, but since the X-Lite softphone has sent
> the TLS binding request to the public IP address of the router and expects the same
> public IP address in the CN field of the server certificate, the TLS binding fails
> at this moment. I would like to know if you have ever come to know about
> such a problem.

I think the description of the problem is self-explanatory. I wonder: isn't it much better to use domain-based TLS certificates?

--
Iñaki Baz Castillo <i...@aliax.net>
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
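
Added example, not part of the original thread: a Python version of the client-side identity check discussed above, run against three constructed certificates (CN set to the private IP, domain only, and a subjectAltName carrying both a DNS name and the router's public IP). The certificate dicts follow the shape returned by `ssl.SSLSocket.getpeercert()`; the host name, the addresses and the rule that CN is consulted only when no subjectAltName exists are assumptions of this example, not the behaviour of X-Lite or any specific SIP client.

```python
import ipaddress

def _ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    # Case-insensitive; "*" is honoured only as the entire left-most label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, dialed):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(); dialed: what the client connected to."""
    sans = cert.get("subjectAltName", ())
    target = _ip(dialed)
    for kind, value in sans:
        if target is not None and kind == "IP Address" and _ip(value) == target:
            return True
        if target is None and kind == "DNS" and _dns_match(value, dialed):
            return True
    if sans:
        return False  # policy assumed here: CN is consulted only when no SAN exists
    for rdn in cert.get("subject", ()):
        for key, cn in rdn:
            if key != "commonName":
                continue
            if target is not None and _ip(cn) == target:
                return True
            if target is None and _ip(cn) is None and _dns_match(cn, dialed):
                return True
    return False

# Constructed sample certificates (addresses and names are placeholders).
PRIVATE_IP, PUBLIC_IP, DOMAIN = "192.168.1.10", "203.0.113.5", "pbx.example.com"
CN_PRIVATE_IP = {"subject": ((("commonName", PRIVATE_IP),),)}
DOMAIN_ONLY = {"subject": ((("commonName", DOMAIN),),), "subjectAltName": (("DNS", DOMAIN),)}
MULTI_SAN = {"subject": ((("commonName", DOMAIN),),),
             "subjectAltName": (("DNS", DOMAIN), ("IP Address", PUBLIC_IP))}

if __name__ == "__main__":
    for name, cert in (("CN=private IP", CN_PRIVATE_IP), ("domain only", DOMAIN_ONLY), ("DNS+IP SAN", MULTI_SAN)):
        print(name, {d: cert_matches(cert, d) for d in (PUBLIC_IP, DOMAIN, PRIVATE_IP)})
```

Only the certificate with both SAN entries validates for a client that dialed the public IP and for one that dialed the domain name; none of the three validates the private address from the public side.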