[asterisk-users] Asterisk 1.8 secure SIP session only

Motty Cruz motty.cruz at gmail.com
Fri May 6 10:40:11 CDT 2016 

Thank you Markos, finally was able to secure SIP session with TLS between server & client. 

 

Thanks for you support!

 

From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Markos Vakondios
Sent: Wednesday, May 04, 2016 10:11 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk 1.8 secure SIP session only

 

Your CA cert is missing.

 

Add in sip.conf:

 

tlscafile=/etc/asterisk/keys/ca.crt

 

You don't need:

tlscapath=/etc/asterisk/keys

 

On 4 May 2016 at 19:43, Motty Cruz <motty.cruz at gmail.com> wrote:

Hello, I am trying to secure SIP session with TLS on Asterisk Server 1.8. I keep getter an error, 

  == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

I tried both signed and self-signed cert to no avail. 

Here is my Configuration: 

Sip.conf

tlsenable=yes

tlsbindaddr=0.0.0.0

tlscertfile=/etc/asterisk/keys/box1.pem

tlscapath=/etc/asterisk/keys

tlscipher=ALL

tlsclientmethod=tlsv1

 

sip.conf ext.

[5006]

type=peer

context=sipext

call-limit=3

trustrpid=no

callerid="Rec" <5006>

disallow=all

allow=ulaw

allow=alaw

username=5006

secret=9fcbb025200881850526bc57d59885c3

dtmfmode=rfc2833

host=dynamic

mailbox=5006

nat=yes

canreinvite=no

transport=tls

 

  == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

Any ideas? 

 


--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160506/b941f907/attachment.html>

More information about the asterisk-users mailing list