mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-06 12:36:58 +00:00
89a16f9c81
https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r292740 | twilson | 2010-10-22 09:49:34 -0700 (Fri, 22 Oct 2010) | 45 lines Add TLS cert helper script This script is useful for quickly generating self-signed CA, server, and client certificates for use with Asterisk. It is still recommended to obtain certificates from a recognized Certificate Authority and to develop an understanding how SSL certificates work. Real security is hard work. OPTIONS: -h Show this message -m Type of cert "client" or "server". Defaults to server. -f Config filename (openssl config file format) -c CA cert filename (creates new CA cert/key as ca.crt/ca.key if not passed) -k CA key filename -C Common name (cert field) For a server cert, this should be the same address that clients attempt to connect to. Usually this will be the Fully Qualified Domain Name, but might be the IP of the server. For a CA or client cert, it is merely informational. Make sure your certs have unique common names. -O Org name (cert field) An informational string (company name) -o Output filename base (defaults to asterisk) -d Output directory (defaults to the current directory) Example: To create a CA and a server (pbx.mycompany.com) cert with output in /tmp: ast_tls_cert -C pbx.mycompany.com -O "My Company" -d /tmp This will create a CA cert and key as well as asterisk.pem and the the two files that it is made from: asterisk.crt and asterisk.key. Copy asterisk.pem and ca.crt somewhere (like /etc/asterisk) and set tlscertfile=/etc/asterisk.pem and tlscafile=/etc/ca.crt. Since this is a self-signed key, many devices will require you to import the ca.crt file as a trusted cert. To create a client cert using the CA cert created by the example above: ast_tls_cert -m client -c /tmp/ca.crt -k /tmp/ca.key -C "Joe User" -O \ "My Company" -d /tmp -o joe_user This will create client.crt/key/pem in /tmp. Use this if your device supports a client certificate. Make sure that you have the ca.crt file set up as a tlscafile in the necessary Asterisk configs. Make backups of all .key files in case you need them later. ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@292743 65c4cc65-6c06-0410-ace0-fbb531ad65f3
messages-expire.pl messages-expire finds messages more than X days old and deletes them. Because the older messages will be the lower numbers in the folder (msg0000 will be older than msg0005), just deleting msg0000 will not work. expire-messages then runs a routine that goes into every folder in every mailbox to reorganize. If the folder contains msg0000, no action is taken. If the folder does not, the rename routine takes the oldest message and names it msg0000, the next oldest message and names it msg0001 and so on. The file deletion is done by the -exec parameter to 'find'. It would be far more efficient to take the output from 'find' and just reorganize the directories from which we deleted a file. Something for the future... Keep in mind that messages are deleted at the beginning of the script you will have mailbox trouble if you check messages before the script reorganizes your mailbox. To use it, make sure the paths are right. Adjust $age (originally set to 31) if necessary.