[asterisk-users] TLS, SRTP, Asterisk11 and Snom870s
James B. Byrne
byrnejb at harte-lyne.ca
Tue Mar 3 14:44:37 CST 2015
On Tue, March 3, 2015 13:37, James Cloos wrote:
>>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
>
> JBB> tcpenable=yes
> JBB> tlsenable=yes
> JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
> JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
> JBB> tlsdontverifyserver=yes
> JBB> tlscipher=ALL
> JBB> tlsclientmethod=tlsv1
>
> You are missing the tls key.
>
> The config name is tlsprivatekey; set that to the filename of your tls
> key, akin to how tlscertfile is set.
>
> -JimC
Thank you. The settings in sip_general_additional.conf are now:
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.pem
tlscafile=/etc/pki/tls/certs/ca-bundle.crt
tlsdontverifyserver=yes
tlscipher=ALL
tlsclientmethod=tlsv1
tlsprivatekey=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.key
However, issuing 'amportal a r' still results in this error:
[2015-03-03 15:40:42] ERROR[13681]: tcptls.c:875
ast_tcptls_client_start: Unable to connect SIP socket to
192.168.6.112:5060: Connection refused
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the asterisk-users
mailing list