[asterisk-users] unsolved: Re: solved: how to create a working certificate for using TLS?
Michael Maier
m1278468 at mailbox.org
Sat Jul 6 03:40:26 CDT 2019
On 05.07.19 at 22:02 hw wrote:
>
> openssl verify -CAfile ca.pem asterisk.pem
> asterisk.pem: OK
>
>
> When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers
> to the SIP provider and there is no error message). Otherwise I'm
> getting the error message and asterisk does not register.
>
> Reading the comments in sip.conf.sample, I would assume that asterisk
> can not verify the certificate of the SIP provider. Yet
>
>
> openssl s_client -connect secure.sip.easybell.de:5061
You know that you don't need an own certificate to connect via tls to the ISP?
To be able to verify the certificate of the ISP, asterisk has to know the local CA database. For CentOS 7, this is /etc/pki/tls/certs/ca-bundle.crt.
Regards
Michael
More information about the asterisk-users
mailing list