[asterisk-users] Asterisk 1.8 secure SIP session only

[Markos Vakondios]

Your CA cert is missing.

Add in sip.conf:

tlscafile=/etc/asterisk/keys/ca.crt

You don't need:
tlscapath=/etc/asterisk/keys

On 4 May 2016 at 19:43, Motty Cruz <motty.cruz at gmail.com> wrote:

> Hello, I am trying to secure SIP session with TLS on Asterisk Server 1.8.
> I keep getter an error,
>
>   == Problem setting up ssl connection: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254
> handle_tcptls_connection: FILE * open failed!
>
> I tried both signed and self-signed cert to no avail.
>
> Here is my Configuration:
>
> Sip.conf
>
> tlsenable=yes
>
> tlsbindaddr=0.0.0.0
>
> tlscertfile=/etc/asterisk/keys/box1.pem
>
> tlscapath=/etc/asterisk/keys
>
> tlscipher=ALL
>
> tlsclientmethod=tlsv1
>
>
>
> sip.conf ext.
>
> [5006]
>
> type=peer
>
> context=sipext
>
> call-limit=3
>
> trustrpid=no
>
> callerid="Rec" <5006>
>
> disallow=all
>
> allow=ulaw
>
> allow=alaw
>
> username=5006
>
> secret=9fcbb025200881850526bc57d59885c3
>
> dtmfmode=rfc2833
>
> host=dynamic
>
> mailbox=5006
>
> nat=yes
>
> canreinvite=no
>
> transport=tls
>
>
>
>   == Problem setting up ssl connection: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254
> handle_tcptls_connection: FILE * open failed!
>
> Any ideas?
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160504/b2b68d20/attachment.html>