<div dir="ltr">Your CA cert is missing.<div><br></div><div>Add in sip.conf:</div><div><br></div><div>tlscafile=/etc/asterisk/keys/ca.crt<br></div><div><br></div><div>You don't need:</div><div><span style="font-family:Calibri,sans-serif;font-size:14.6667px">tlscapath=/etc/asterisk/keys</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 4 May 2016 at 19:43, Motty Cruz <span dir="ltr">&lt;<a href="mailto:motty.cruz@gmail.com" target="_blank">motty.cruz@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">Hello, I am trying to secure a SIP session with TLS on Asterisk Server 1.8. I keep getting an error, <u></u><u></u></p><p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt"> == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!</span><u></u><u></u></p><p class="MsoNormal">I tried both signed and self-signed certs to no avail. 
<u></u><u></u></p><p class="MsoNormal">Here is my Configuration: <u></u><u></u></p><p class="MsoNormal">Sip.conf<u></u><u></u></p><p class="MsoNormal">tlsenable=yes<u></u><u></u></p><p class="MsoNormal">tlsbindaddr=0.0.0.0<u></u><u></u></p><p class="MsoNormal">tlscertfile=/etc/asterisk/keys/box1.pem<u></u><u></u></p><p class="MsoNormal">tlscapath=/etc/asterisk/keys<u></u><u></u></p><p class="MsoNormal">tlscipher=ALL<u></u><u></u></p><p class="MsoNormal">tlsclientmethod=tlsv1<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">sip.conf ext.<u></u><u></u></p><p class="MsoNormal">[5006]<u></u><u></u></p><p class="MsoNormal">type=peer<u></u><u></u></p><p class="MsoNormal">context=sipext<u></u><u></u></p><p class="MsoNormal">call-limit=3<u></u><u></u></p><p class="MsoNormal">trustrpid=no<u></u><u></u></p><p class="MsoNormal">callerid="Rec" &lt;5006&gt;<u></u><u></u></p><p class="MsoNormal">disallow=all<u></u><u></u></p><p class="MsoNormal">allow=ulaw<u></u><u></u></p><p class="MsoNormal">allow=alaw<u></u><u></u></p><p class="MsoNormal">username=5006<u></u><u></u></p><p class="MsoNormal">secret=9fcbb025200881850526bc57d59885c3<u></u><u></u></p><p class="MsoNormal">dtmfmode=rfc2833<u></u><u></u></p><p class="MsoNormal">host=dynamic<u></u><u></u></p><p class="MsoNormal">mailbox=5006<u></u><u></u></p><p class="MsoNormal">nat=yes<u></u><u></u></p><p class="MsoNormal">canreinvite=no<u></u><u></u></p><p class="MsoNormal">transport=tls<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt"> == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!<u></u><u></u></span></p><p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt">Any ideas? 
</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p></div></div><br>--<br>
asterisk-users mailing list<br>
</blockquote></div><br></div>
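<div>Added example, not part of either message and not Asterisk code: a small Python check for the certificate and CA options discussed in this thread. The function names, the <code>root</code> parameter and the sample config are constructed for illustration; the tlscapath check assumes OpenSSL's behaviour of looking up CAs in a directory only through hash-named files (as created by c_rehash).</div>

```python
import os
import re

# File names produced by c_rehash / "openssl rehash", e.g. 9d66eef0.0
HASHED = re.compile(r"^[0-9a-f]{8}\.\d+$")

# Constructed sample modelled on the TLS options quoted in the thread.
SAMPLE_CONF = """\
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/box1.pem
tlscapath=/etc/asterisk/keys
[5006]
type=peer
transport=tls
"""

def general_options(conf_text):
    """Options that precede the first peer section or sit under [general]."""
    opts, section = {}, "general"
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
        elif "=" in line and section == "general":
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit_tls(conf_text, root="/"):
    """Return findings about the certificate and CA options; [] means none."""
    opts = general_options(conf_text)
    disk = lambda p: os.path.join(root, p.lstrip("/"))   # lets you audit a copy
    out = []
    cert, cafile, capath = (opts.get(k) for k in ("tlscertfile", "tlscafile", "tlscapath"))
    if opts.get("tlsenable", "no").lower() != "yes":
        out.append("tlsenable is not yes")
    if not cert or not os.path.isfile(disk(cert)):
        out.append("tlscertfile missing or unreadable")
    if not cafile:
        out.append("tlscafile is not set")
    elif not os.path.isfile(disk(cafile)):
        out.append("tlscafile points to a missing file")
    if capath:
        names = os.listdir(disk(capath)) if os.path.isdir(disk(capath)) else []
        if not any(HASHED.match(n) for n in names):
            out.append("tlscapath has no hash-named CA files")
    return out

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(finding)
```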