Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. ; sslcipher=<cipher string> It errors as I expect it would: pbx*CLI> manager reload == Parsing '/etc/asterisk/manager.conf': == Found SSL cert error </etc/pki/tls/certs/pbxc.pem> How does one specify the private key for the manager.conf file? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
On 25/07/09 00:08, John A. Sullivan III wrote:> Hello, all. After many pages of googling and testing in the lab, I'm > still a bit perplexed about how to implement tls protection for the > asterisk manager. manager.conf allows one to specify the cert file but > one normally must also specify the private key file. If I simply enter > the cert file: > > sslenable=yes > sslbindport=5038 > sslbindaddr=172.x.x.8 > sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. > ; sslcipher=<cipher string> > > It errors as I expect it would: > > pbx*CLI> manager reload > == Parsing '/etc/asterisk/manager.conf': == Found > SSL cert error</etc/pki/tls/certs/pbxc.pem> > > How does one specify the private key for the manager.conf file? Thanks - > JohnNot quite the same thing I know, but it might help. I use stunnel for the AMI so the connection is transported in a SHH tunnel. It's quite easy to setup. Alan
The pem file should contain both the private key and the certificate. On Jul 24, 2009, at 4:08 PM, John A. Sullivan III wrote:> Hello, all. After many pages of googling and testing in the lab, I'm > still a bit perplexed about how to implement tls protection for the > asterisk manager. manager.conf allows one to specify the cert file > but > one normally must also specify the private key file. If I simply > enter > the cert file: > > sslenable=yes > sslbindport=5038 > sslbindaddr=172.x.x.8 > sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. > ; sslcipher=<cipher string> > > It errors as I expect it would: > > pbx*CLI> manager reload > == Parsing '/etc/asterisk/manager.conf': == Found > SSL cert error </etc/pki/tls/certs/pbxc.pem> > > How does one specify the private key for the manager.conf file? > Thanks - > John > -- > John A. Sullivan III > Open Source Development Corporation > +1 207-985-7880 > jsullivan at opensourcedevel.com > > http://www.spiritualoutreach.com > Making Christianity intelligible to secular society > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users