1 Reply Latest reply on Apr 5, 2006 8:43 AM by 843853

    NIST Example of TLS with JAIN SIP


      Is there anyone who have successfully run the example given by nist for the SIP over TLS. If so please help me in doing it...

      This is the link for the source code...

      With Regards,
      Litty Preeth
        • 1. Re: NIST Example of TLS with JAIN SIP
          This is an old question--probably resolved by now. But I wish the (obvious) answer had been posted. Would have saved me a bit of digging.

          So...the straightforward way to get the NIST tls example to work is either

          (A) Follow their README.txt instructions exactly (NOT RECOMMENDED):

          1. Extract self-signed cert from test keystore:
          keytool -export -file testCert.der -keystore testKeyStore (the password is testPass)

          2. Import it into the JVM store (this is the NOT RECOMMENDED part):
          keytool -import -file testCert.der -keystore <jre path>/lib/security/cacerts (default password is "changeit")

          NOT RECOMMENDED because now by default, your JVM will always trust ANY program that presents you with this (insecure) test certificate.

          (B) The simpler and safer approach is to tell the client to use the testKeyStore as its trustStore (not keyStore), instead of the default cacerts file. (I don't know why the nist-sip developer's didn't just do this in their makefile for the tls example code!)

          If you're running the sample code from the makefile, for the CLIENT target (shootist), change the JVM parameters:
             -Djavax.net.ssl.keyStore=testKeyStore -Djavax.net.ssl.keyStorePassword=testPass
           -Djavax.net.ssl.trustStore=testKeyStore -Djavax.net.ssl.trustStorePassword=testPass
          This is all that is required to run the example.