Gavin Henry
2012-Mar-08 15:32 UTC
[asterisk-users] Commercial SSL certs on Asterisk 1.8.10.0 with Polycom phones for encrypted calls using TLS and SRTP?
Hi all, We're testing TLS and SRTP on Asterisk 1.8.10.0 and have it working with a commerical (not self-sign) AlphaSSL wildcard (GlobalSign) using Blink Lite 1.6.2 as per https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial We've tested with Bria on an iPhone and that doesn't recognised the commercial CA (GlobalSign Root CA). On a Yealink 28P with V60/V61 is registers over TLS, but can't do SRTP. Yealink are working on this and are testing against one of our dev servers. My question is someone (Digium) must have this working against Polycom (which is a requirement for this project) with commercial certs since that's their partner of choice? This is our relevant setup: tlsenable=yes tlsbindaddr=0.0.0.0 tcpbindaddr=0.0.0.0 tcpenable=yes transport=tcp,udp,tls tlscertfile=/etc/asterisk/ssl/test_wildcard_cert.pem tlscafile=/etc/asterisk/ssl/AlphaSSLroot.crt tlscipher=ALL tlsclientmethod=tlsv1 This file has the cert and key in it: test_wildcard_cert.pem is as per: http://www.alphassl.com/support/install-ssl/apache.html and AlphaSSLroot.crt is as per: http://www.alphassl.com/support/install-root/apache.html We haven't tested Snom or Aastra yet. Thanks, Gavin. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk
Kevin P. Fleming
2012-Mar-08 16:22 UTC
[asterisk-users] Commercial SSL certs on Asterisk 1.8.10.0 with Polycom phones for encrypted calls using TLS and SRTP?
On 03/08/2012 09:32 AM, Gavin Henry wrote:> Hi all, > > We're testing TLS and SRTP on Asterisk 1.8.10.0 and have it working > with a commerical (not self-sign) AlphaSSL wildcard (GlobalSign) using > Blink Lite 1.6.2 as per > https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial > > We've tested with Bria on an iPhone and that doesn't recognised the > commercial CA (GlobalSign Root CA). > > On a Yealink 28P with V60/V61 is registers over TLS, but can't do > SRTP. Yealink are working on this and are testing against one of our > dev servers. > > My question is someone (Digium) must have this working against Polycom > (which is a requirement for this project) with commercial certs since > that's their partner of choice?I don't believe we've done any interop testing with Polycom phones since TLS and SRTP support were added to Asterisk. Most (possibly all) of the interop testing was done with Asterisk Business Edition, the last version of which was based on Asterisk 1.4. -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org