[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

Ruisheng Peng rpeng at ifa.hawaii.edu
Fri Jan 29 14:16:38 CST 2021 

Thanks Stefan for the pointer.

There isn't a /etc/ssl/openssl.cnf on the Centos7 box. There is a
/etc/pki/tls/openssl.cnf, but there's no MinProtocol or CipherString
defined there.  I installed corebot (for Letsencrypt auto renewal) thru
snap.  The openssl.cnf that comes with snap (under
/var/lib/snapd/snap/core/current/etc/ssl) is pretty similar to the one
under /etc/pki/tls, in both lacking MinProtocol and CipherString
definitions.

[root at voip1 ~]# openssl version

OpenSSL 1.0.2k-fips  26 Jan 2017

if it helps with anything.

  Thanks,

--Ruisheng

On Fri, Jan 29, 2021 at 5:55 AM Stefan Tichy <asterisk3 at pi4tel.de> wrote:

> On Tue, Jan 26, 2021 at 10:12:22AM -1000, Ruisheng Peng wrote:
>
> > The self-sign asterisk.crt:
>
> I saved that file in "x.crt".
>
> openssl x509 -in x.crt -noout -text
>
> ....
>    RSA Public-Key: (1024 bit)
> ....
>
>
>
> > and Letsencrypt cert.pem:
>
> I saved that file in "y.crt".
>
> openssl x509 -in y.crt -noout -enddate
> notAfter=Jan 29 01:24:25 2021 GMT
>
>
> > There were a few mentions of this problem on the web, and one said
> changing
> > the security mode of the certs to 755 fixed his problem.
>
> That makes no sense.
>
>
>
> Which version of openssl ist used on that CentOS7 box ?
>
> In "/etc/ssl/openssl.cnf" you find something like this:
>
> MinProtocol = TLSv1.2
> CipherString = DEFAULT at SECLEVEL=2
>
> You could set the level to "1" or even to "0" and restart Asterisk.
>
>
> --
> Stefan Tichy
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20210129/333c92f8/attachment.html>

More information about the asterisk-users mailing list