[asterisk-users] how to create a working certificate for using TLS?

hwilmer hw at gc-24.de
Wed Jun 26 06:33:56 CDT 2019


how can I create a self-signed certificate for asterisk which
actually works?  I had one that did work, and yesterday it suddenly
quit working for no reason.  I had to spend hours to create another
one that would finally work, and it suddenly quit working today.

The certificate verifies just fine with

openssl verify -verbose -CAfile ca.crt asterisk.pem

Yet asterisk keeps saying:

tcptls.c:173 handle_tcptls_connection: Certificate did not verify: unable to get local issuer certificate

no matter what I do until I set 'tlsdontverifyserver=yes' in sip.conf.
Why doesn't the error message at least say which certificate it is
referring to?

Every time I have to deal with certificates, I hate that stuff more
and more ...

More information about the asterisk-users mailing list