I would like to configure my system for TLS. I have read the wiki for TLS config and I am wondering if I can use a self-signed certificate to test/configure the system with different brands of telephones and then get a commercial certificate if I am going to deploy this system?
When people say self-signed, do they really mean self-signed server certificates, or do they mean a corporate or departmental root CA? The scripts that come with Asterisk do the latter.
In many cases, if you have a security-aware IT department, a private CA could be a better solution than a commercial one. The advantage of a commercial one is that browsers and phones may come preconfigured to trust it. A possible disadvantage is that some of the ones they trust might not be that trustworthy.
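
The two meanings of "self-signed" discussed above, shown side by side with the OpenSSL command line. This is an added example, not part of the original thread and not the scripts that ship with Asterisk; the host name, subjects and lifetimes are constructed.

```shell
#!/usr/bin/env bash
# Added example. Host name, subjects and lifetimes are constructed.
# Keys are written unencrypted (-nodes) because this is a throwaway lab PKI.
set -eu

make_demo_pki() {  # $1 = empty working directory
  # (a) Self-signed server certificate: the server is its own issuer.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=pbx.example.test" \
    -keyout "$1/selfsigned.key" -out "$1/selfsigned.crt" 2>/dev/null
  # (b) Private root CA: the one certificate phones are told to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/O=Example Dept/CN=Example Private Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # (c) Server key and CSR, then a certificate issued by that CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=pbx.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -days 30 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/server.crt" 2>/dev/null
}

# True when issuer and subject are the same name.
is_self_signed() {
  i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  [ "$i" = "$s" ]
}

# True when certificate $2 chains to the trust anchor file $1.
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_demo_pki "$d"
  for c in selfsigned server; do
    if trusted_by "$d/ca.crt" "$d/$c.crt"; then r=accepted; else r=rejected; fi
    echo "client trusting ca.crt: $c.crt $r"
  done
  rm -rf "$d"
}
demo
```

A phone provisioned with `ca.crt` accepts `server.crt` and rejects `selfsigned.crt`; the self-signed server certificate is only accepted by a client that has been given that exact certificate as a trust anchor.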