Certificate

From Vodia PBX Wiki

The system supports HTTPS, TLS, and SRTP. These protocols require a digital certificate and a private key for secure communication (the private key will be used for encrypting messages). A certificate shows your communication partner that you are who you claim to be. This works through a third party that certifies your identity and issues you a certificate that comes with a domain name. Clients that need to trust you check the certificate. Certificates are usually used for web services; however, the same certificates can also be used for SIP services. The system supports multiple certificates, so you can have a certificate for each domain.

Purpose

By using a certificate, you defend your installation against DNS redirection attacks. An attacker might get control over a DNS server (which you do not operate) and redirect all requests to their own server. Although the attacker might be able to present the same certificate that you have, they do not have the private key that you used when you requested the certificate from the trusted third party. Therefore, the attacker will be unable to establish secure communication. This way, the user agent can check whether the host that it contacted is really the desired host and deny the connection if the public and the private keys do not match.
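
The key-match check described above can be reproduced with the `openssl` command line. This is an added example, not Vodia code: it signs a random challenge with a private key and verifies it against the public key in the certificate, a simplified stand-in for the proof of key possession in a TLS handshake. The file names, the function names and the host name `pbx.example.com` are constructed for the demo.

```shell
#!/bin/sh
# Added example (not Vodia code). File names and pbx.example.com are constructed.

# Create a self-signed certificate and key for the "real" server, plus an
# unrelated key standing in for someone who copied only the certificate.
make_demo_material() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pbx.example.com" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/attacker.key" 2>/dev/null
}

# Return 0 only if the holder of key $2 can prove ownership of certificate $1:
# sign a fresh random challenge with the key, then verify the signature with
# the public key extracted from the certificate.
proves_possession() {
    cert=$1; key=$2
    tmp=$(mktemp -d) || return 2
    openssl x509 -in "$cert" -noout -pubkey > "$tmp/pub.pem" &&
    openssl rand -out "$tmp/challenge.bin" 32 &&
    openssl dgst -sha256 -sign "$key" -out "$tmp/sig.bin" "$tmp/challenge.bin" &&
    openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" \
        "$tmp/challenge.bin" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run the check once with the matching key and once with the unrelated key.
demo() {
    d=$(mktemp -d) || return 2
    make_demo_material "$d"
    for k in server attacker; do
        if proves_possession "$d/server.crt" "$d/$k.key"; then
            echo "$k.key: matches certificate"
        else
            echo "$k.key: does NOT match certificate"
        fi
    done
    rm -rf "$d"
}
demo
```

The same `proves_possession` check is useful before installing a certificate and key pair, since a mismatched pair fails in the same way.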