Hello, I am trying to secure SIP session with TLS on Asterisk Server 1.8. I keep getting an error,

== Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

I tried both signed and self-signed cert to no avail.

Here is my Configuration:

Sip.conf

tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/box1.pem
tlscapath=/etc/asterisk/keys
tlscipher=ALL
tlsclientmethod=tlsv1

sip.conf ext.

[5006]
type=peer
context=sipext
call-limit=3
trustrpid=no
callerid="Rec" <5006>
disallow=all
allow=ulaw
allow=alaw
username=5006
secret=9fcbb025200881850526bc57d59885c3
dtmfmode=rfc2833
host=dynamic
mailbox=5006
nat=yes
canreinvite=no
transport=tls

== Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

Any ideas?

Markos Vakondios
2016-May-04 17:11 UTC
[asterisk-users] Asterisk 1.8 secure SIP session only
Your CA cert is missing. Add in sip.conf:

tlscafile=/etc/asterisk/keys/ca.crt

You don't need:

tlscapath=/etc/asterisk/keys

Thank you Markos, finally was able to secure SIP session with TLS between server & client. Thanks for your support!
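
The difference between the tlscafile and tlscapath settings named in the reply, shown at the OpenSSL level as an added example that is not part of the thread: a CA file is read directly, while a CA directory is only searched through <subject-hash>.0 links. The CA, the box1.example.test name and the temporary paths are constructed; that Asterisk hands both settings to OpenSSL's standard file and directory lookups is an assumption.

```shell
#!/bin/sh
# Added example: builds a throwaway CA and server certificate in a temp dir.
# File names echo the thread (ca.crt, box1); nothing under /etc/asterisk is touched.

make_demo_pki() {  # usage: make_demo_pki <dir>
    dir=$1
    # Self-signed CA certificate (constructed test data).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Server key and CSR, then a certificate signed by the demo CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=box1.example.test" \
        -keyout "$dir/box1.key" -out "$dir/box1.csr" 2>/dev/null
    openssl x509 -req -in "$dir/box1.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 2 -out "$dir/box1.crt" 2>/dev/null
}

# Prints "trusted" if the chain verifies, "untrusted" if the issuer cannot be
# found. In a TLS handshake the latter is what a peer reports as "unknown ca".
check_chain() {  # usage: check_chain <-CAfile|-CApath> <path> <cert>
    if openssl verify "$1" "$2" "$3" 2>&1 | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

# Create the <subject-hash>.0 link that a CA directory lookup requires.
hash_link() {  # usage: hash_link <dir containing ca.crt>
    h=$(openssl x509 -in "$1/ca.crt" -noout -hash)
    ln -s ca.crt "$1/$h.0"
}

demo() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    mkdir "$d/capath" && cp "$d/ca.crt" "$d/capath/"
    echo "CA file (ca.crt):          $(check_chain -CAfile "$d/ca.crt" "$d/box1.crt")"
    echo "CA dir, no hash links:     $(check_chain -CApath "$d/capath" "$d/box1.crt")"
    hash_link "$d/capath"
    echo "CA dir, after hash link:   $(check_chain -CApath "$d/capath" "$d/box1.crt")"
    rm -rf "$d"
}
demo
```

Running the same openssl verify check against the real ca.crt and server certificate before restarting Asterisk confirms the chain independently of the SIP client.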