[asterisk-users] TLS/SSL error loading cert file. </etc/asterisk/keys/asterisk.pem>
Antony Stone
Antony.Stone at asterisk.open.source.it
Mon Jan 6 11:42:42 CST 2020
On Monday 06 January 2020 at 18:33:39, Olivier wrote:
> Hello,
>
> On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a
> way to enable HTTPS.
> # cat /etc/asterisk/http.conf
> [general]
> servername=Asterisk
> enabled=yes
> bindaddr=0.0.0.0
> bindport=8088
> tlsenable=yes
> tlsbindaddr=0.0.0.0:8089
> tlscertfile=/etc/asterisk/keys/asterisk.pem
Have you tried pointing to the .crt file instead of the .pem file?
> ;tlsprivatekey=keys/asterisk.key
Why is that commented out (and why is it a relative path)?
> # ls -lR /etc/asterisk/keys
> /etc/asterisk/keys:
> total 32
> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr
> -rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15:59 asterisk.key
> -rw-rw-r-- 1 asterisk asterisk 2116 janv. 6 16:00 asterisk.pem
> -rw-rw-r-- 1 asterisk asterisk 158 janv. 6 15:59 ca.cfg
> -rw-rw-r-- 1 asterisk asterisk 1773 janv. 6 15:59 ca.crt
> -rw-rw-r-- 1 asterisk asterisk 3311 janv. 6 15:59 ca.key
> -rw-rw-r-- 1 asterisk asterisk 132 janv. 6 15:59 tmp.cfg
> Any clue ?
Try reducing the permissions on the .crt and especially the .key files, so
they're not world-readable.
Many applications will refuse to start if the certificate or key files are
insecure.
Antony.
--
Salad is what food eats.
Please reply to the list;
please *don't* CC me.
More information about the asterisk-users
mailing list