RFC5766-Turn Server with TLS

I am trying to start my TURN server with TLS enabled. To start the server, I use the following line:

daemon --user=$USER $TURN $OPTIONS --tls-listening-port 3478 --cert /root/cert_2014_11/my_domain_nl.crt --pkey /root/cert_2014_11/my_domain_nl.key --CA-file /root/cert_2014_11/PositiveSSLCA2.crt 

Environment variables are set in the configuration file. The server works fine without TLS using the same start line, but if I add the three arguments related to SSL, the server is still unavailable over TLS. I tried setting a different port for SSL instead of the standard port, but it still didn't work. No matter what I do, I can reach the server without SSL, but over TLS I cannot reach it. As for whether the certificate chain I use is good: I use it for our website as well.

+5
1 answer

I ran into this problem. See the documentation for the --CA-file argument:

 --CA-file <filename> CA file in OpenSSL format. Forces TURN server to verify the client SSL certificates. By default, no CA is set and no client certificate check is performed. 

This argument is only necessary when you will be checking client certificates. This is not a certificate chain for your server certificate.

Drop the --CA-file argument while retaining the --cert and --pkey arguments.

EDIT: FYI, the certificate file that you pass to the --cert parameter can contain a whole chain of certificates (yours and your CAs').

+3

Source: https://habr.com/ru/post/1207871/
