Openplatform.xyz Follow @openplatformxyz

Placeholder for our stuff related to Telecom, IT, Internet of things (IOT), ESP8266, Raspberry Pi

Home IOT Telecom IT stuff About Us Contact Us Site Map

SIPp: Generate TLS call

Dec 28, 2021

Install sipp

# yum install -y cmake gcc gcc-c++ ncurses ncurses-devel openssl libnet libpcap libpcap-devel gsl gsl-devel
# yum install lksctp*
# yum install openssl-devel*
# wget https://github.com/SIPp/sipp/releases/download/v3.6.1/sipp-3.6.1.tar.gz
# tar -xzvf sipp-3.6.1.tar.gz
# cd sipp-3.6.1
# cmake . -DUSE_SSL=1 -DUSE_SCTP=1 -DUSE_PCAP=1 -DUSE_GSL=1
# make

Generate openssl certificate in sipp directory

 # openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650 -nodes

Note: While using "-nodes" attribute your private key will not be encrypted. System will not prompt for password.

Verify cacert.pem and cakey.pem are in sipp directory.

Add cacert.pem in remote node

Make a test call

On UAC

 # ./sipp -i 10.108.60.155 -p 5070 -t l1 -sn uac -s 9876543210 -m 1 10.108.61.122:5066

On UAS

 # ./sipp -i 10.108.60.155 -p 5070 -t l1 -sn uas

Alternate Method

Build certs for TLS based sipp UAS server

make master dir for all certs
# mkdir certs
# chmod 0700 certs
# cd certs

Make CA folder, create cert and check
# mkdir demoCA
# cd demoCA
# mkdir newcerts
# echo '01' > serial
# touch index.txt
# openssl req -new -x509 -extensions v3_ca -keyout key.pem -out cert.pem -days 3650

Validation of the contents of certs ( optional )
# openssl x509 -in cert.pem -noout -text
# openssl x509 -in cert.pem -noout -dates
# openssl x509 -in cert.pem -noout -purpose

Make domain folder and create the certs for the sip domain name from parent and check. Here 10.122.24.29 is my sipp server ip
# cd ..
# mkdir 10.122.24.29
# openssl req -new -nodes -keyout key.pem -out req.pem

Create demoCA.conf in demoCA folder

# vi demoCA.conf

# we use 'ca' as the default section because we're usign the ca command
[ ca ]
default_ca = demoCA

[ demoCA ]
dir = /root/certs/demoCA           # Where everything is kept
#  a text file containing the next serial number to use in hex. Mandatory.
#  This file must be present and contain a valid serial number.
serial = $dir/serial

# the text database file to use. Mandatory. This file must be present though
# initially it will be empty.
database = $dir/index.txt

# specifies the directory where new certificates will be placed. Mandatory.
new_certs_dir = $dir/newcerts

# the file containing the CA certificate. Mandatory
certificate = $dir/cert.pem

# the file contaning the CA private key. Mandatory
private_key = $dir/key.pem

# the message digest algorithm. Remember to not use MD5
default_md = sha1

# for how many days will the signed certificate be valid
default_days = 365

# a section with a set of variables corresponding to DN fields
policy = my_policy

[ my_policy ]
# if the value is "match" then the field value must match the same field in the
# CA certificate. If the value is "supplied" then it must be present.
# Optional means it may be present. Any fields not mentioned are silently
# deleted.
countryName = match
stateOrProvinceName = supplied
organizationName = supplied
commonName = supplied
organizationalUnitName = optional
commonName = supplied

Give following commands to sign cert by demoCA

# ls
10.122.24.29 demoCA
# openssl ca -config /root/certs/demoCA/demoCA.conf -days 730 -out 10.122.24.29/cert.pem -keyfile demoCA/key.pem -cert demoCA/cert.pem -infiles 10.122.24.29/req.pem
Using configuration from /root/certs/demoCA/demoCA.conf
Enter pass phrase for demoCA/key.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'IN'
stateOrProvinceName :ASN.1 12:'MH'
localityName :ASN.1 12:'PUNE'
organizationName :ASN.1 12:'dialogic'
organizationalUnitName:ASN.1 12:'pse'
commonName :ASN.1 12:'sipp.superserver.com'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Jan 21 17:12:54 2024 GMT (730 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Verify the generated certificate for for SIP domain
# openssl x509 -in 10.122.24.29/cert.pem -noout -text

Run sipp UAS
# sipp -sn uas -p 5061 -t l1 -tls_key /root/certs/10.122.24.29/key.pem -tls_cert /root/certs/10.122.24.29/cert.pem -i 10.122.24.29

Run sipp UAC
# sipp 10.122.24.29:5061 -s 1234567890 -sn uac -t l1 -tls_key /root/certs/10.122.24.29/key.pem -tls_cert /root/certs/10.122.24.29/cert.pem -i 10.122.23.29

Index

Suresh Hariramani

I am an IOT enthusiast with more than 20 years of experience in the IT sector. Specializing in telecom service's; follow me for some very innovative and best in class IOT products as I unfold my knowledge and passion for the subject.

Vatsal Hariramani

Just me, myself and I, exploring the universe of uknownment. I have a heart of love and interests in technology, IOT and travel . And I want to share my world with you .