search for: tlsbindaddr

On Tue, March 3, 2015 13:37, James Cloos wrote: >>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB>

...#39;t find a way to enable HTTPS. Asterisk is running as asterisk:asterisk: asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general] servername=Asterisk enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem ;tlsprivatekey=keys/asterisk.key # ls -lR /etc/asterisk/keys /etc/asterisk/keys: total 32 -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr -rw-rw-r-- 1 asterisk a...

...RTC clients... https://wiki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients "To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows: [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=<your_cert_file> tlsprivatekey=<your_key_file> tlscafile=<your_ca_cert_file>" What is the tlscafile setting? When I look at the http.conf samples it doesn't mention the tlscafile setting. I see there is a tlscafile setting in sip.conf, but I don...

...etting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed! I tried both signed and self-signed cert to no avail. Here is my Configuration: Sip.conf tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/box1.pem tlscapath=/etc/asterisk/keys tlscipher=ALL tlsclientmethod=tlsv1 sip.conf ext. [5006] type=peer context=sipext call-limit=3 trustrpid=no callerid="Rec" <5006> disallow=all allow=ulaw allow=alaw username=5006 secret=9...

...only, use transport=tls it also accepts tcp, udp or a comma-separated list. if given a list, it tries them in order If you need ast to register over tls, use something like this: register => tls://username:xxxxxx at sip-tls-proxy.example.org (copied from the example sip.conf). Set tlsbindaddr to the address to which to bind(2) the tls socket. tlsbindaddr=0.0.0.0 is typical in ipv4-only configs. -JimC -- James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

Hi Alexey, This is what works for me: [http.conf]: tlsenable=yes ; enable tls - default no. tlsbindaddr=144.x.y.z:8089 ; address and port to bind to - default is bindaddr and port 8089. tlscertfile=/etc/asterisk/keys/mycert.pem ; path to the certificate file (*.pem) only. tlsprivatekey=/etc/asterisk/keys/mycert.pem ; path to private key file (*.pem) only. Date: Tue, 13 Jan 2015 10:02:08 +00...

...97 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 >> /usr/sbin/asterisk -g -f -p -U asterisk >> >> # cat /etc/asterisk/http.conf >> [general] >> servername=Asterisk >> enabled=yes >> bindaddr=0.0.0.0 >> bindport=8088 >> tlsenable=yes >> tlsbindaddr=0.0.0.0:8089 >> tlscertfile=/etc/asterisk/keys/asterisk.pem >> ;tlsprivatekey=keys/asterisk.key >> >> # ls -lR /etc/asterisk/keys >> /etc/asterisk/keys: >> total 32 >> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt >> -rw-rw-r-- 1 ast...

...26 14:38:19] ERROR[2992]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection: FILE * open failed! I have in sip.conf : tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlsdontverifyserver=yes tlscipher=ALL ;tlsclientmethod=tlsv2 /etc/asterisk/keys : -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt -rw------- 1 root root 574 okt 26 14:24 asterisk.csr -rw------- 1 root root 887 okt 26 14:24 asterisk.key...

Hello List. I am puzzled and how asterisk listens to calls or connections from clients. When I do a netstat -nat I don't see asterisk listening on port 5060. Now, I'm testing a server with three network interfaces: two to the internet doing load balancing and the other to our LAN. I would like asterisk to only accept connections coming from our LAN but, can't find where to configure

...he IPv4 wildcard. Example: bindaddr=0.0.0.0/ /; d) Listen on the IPv4 and IPv6 wildcards. Example: bindaddr=::/ /; (You can choose independently for UDP, TCP, and TLS, by specifying different values for/ /; "udpbindaddr", "tcpbindaddr", and "tlsbindaddr".)/ /; (Note that using bindaddr=:: will show only a single IPv6 socket in netstat./ /; IPv4 is supported at the same time using IPv4-mapped IPv6 addresses.)/ /;/ /; You may optionally add a port number. (The default is port 5060 for UDP and TCP, 5061/ /; for T...

...-rw------- 1 root root 161 nov. 18 20:46 ca.cfg -rw------- 1 root root 1781 nov. 18 20:46 ca.crt -rw------- 1 root root 3311 nov. 18 20:46 ca.key -rw------- 1 root root 124 nov. 18 20:46 tmp.cfg # cat /etc/asterisk/http.conf [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem But, still I don't have any HTTPS server running: # asterisk -rx "http show status" HTTP Server Status: Prefix: Server: Asterisk/17.0.0 Server Enabled and Bound to 0.0.0.0:8088 Enabled URI's: /httpstatus => Asterisk HT...

...17:53 0:06 >>> /usr/sbin/asterisk -g -f -p -U asterisk >>> >>> # cat /etc/asterisk/http.conf >>> [general] >>> servername=Asterisk >>> enabled=yes >>> bindaddr=0.0.0.0 >>> bindport=8088 >>> tlsenable=yes >>> tlsbindaddr=0.0.0.0:8089 >>> tlscertfile=/etc/asterisk/keys/asterisk.pem >>> ;tlsprivatekey=keys/asterisk.key >>> >>> # ls -lR /etc/asterisk/keys >>> /etc/asterisk/keys: >>> total 32 >>> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.c...

...yond just this need, so I'm using openssl commands directly and everything works elsewhere- so my CA setup is fine (includes SAN). My config for tls/srtp looks like this (remember, the rest works very happily): [global] encryption = yes tlsenable = yes tlsbindaddr = 0.0.0.0 tlscertfile = /path/to/asterisk/certificate/and/key/in/a/single/file tlscafile = /path/to/CA/certificate tlscipher = ALL tlsclientmethod = tlsv1 [tls user] transport = tls Can so...

...e-reg](!) type=aor remove_existing=yes max_contacts=1 ;===============DEVICES [webrtc1](endpoint-basic) auth=webrtc1 aors=webrtc1 [webrtc1](auth-userpass) password=secret username=webrtc1 [webrtc1](aor-single-reg) relevant part of http.conf [general] enabled=yes bindaddr=0.0.0.0 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/pki/tls/certs/pbx.crt tlsprivatekey=/etc/pki/tls/private/pbx.key -- --------------------------------------- Marek Cervenka ======================================= -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium...

Kindly guide with debugging TLS issue in asterisk 11.16. Compiled from source and works all ok ! Added the below to sip.conf tlsenable=yes tlsbindaddr=0.0.0.0:5061 However asterisk doesn't even listen to port 5061 sudo netstat -anp Kindly guide Thanks Best, Chirag A. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150318/f4668f63/attachment....

...sterisk:asterisk: > > asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 > /usr/sbin/asterisk -g -f -p -U asterisk > > # cat /etc/asterisk/http.conf > [general] > servername=Asterisk > enabled=yes > bindaddr=0.0.0.0 > bindport=8088 > tlsenable=yes > tlsbindaddr=0.0.0.0:8089 > tlscertfile=/etc/asterisk/keys/asterisk.pem > ;tlsprivatekey=keys/asterisk.key > > # ls -lR /etc/asterisk/keys > /etc/asterisk/keys: > total 32 > -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt > -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:...

...== Using SIP RTP CoS mark 5 -- Executing [400 at local:1] Dial("SIP/500-00000004", "SIP/400,20") in new stack == Using SIP RTP CoS mark 5 -- Called 400 SSL certificate ok -- Nobody picked up in 20000 ms }}} My config files are : * sip.conf : {{{ tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client [400] type=peer secret=400 ;note that this is NOT a secure password host=dynamic context=local dtmfmode=rfc2833 disa...

Hi All, I'm on a middle of an asterisk installation/configuration for my company and I'm testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server. On sip.conf file: tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 and on my extension number configuration: transport=tls Finally, my phone was registered successfully on my asterisk server. But, during my tests and while I switched on sip...

...k == Problem setting up ssl connection: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure WARNING[7421]: tcptls.c:668 handle_tcptls_connection: FILE * open failed! Encryption is configured via ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=:: tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL srtpcapable=yes ;tlsclientmethod=tlsv1 tlsdontverifyserver=yes and the phone is sourced by context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=::...

...ideas what could be wrong? [general] allowguest=no alwaysauthreject=yes nat=force_rport,comedia sendrpid=rpid trustrpid=yes language=de callevents=yes qualify=yes faxdetect=yes t38pt_udptl=no disallow=all allow=ulaw allow=alaw ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 tlsdontverifyserver=yes ;--------------------------Default---------------- context=default ; Default context for incoming calls allowoverlap=no udpbind...