Displaying 20 results from an estimated 27 matches for "tlscafil".
Did you mean:
tlscafile
2018 Dec 07
2
Question on WebRTC configuration
...ts
"To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows:
[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=<your_cert_file>
tlsprivatekey=<your_key_file>
tlscafile=<your_ca_cert_file>"
What is the tlscafile setting?
When I look at the http.conf samples it doesn't mention the tlscafile setting.
I see there is a tlscafile setting in sip.conf, but I don't find this anywhere else.
Is the wiki web page mistaken or is this an actual http.conf...
2014 Oct 21
0
TLS on SIP trunk
Has anyone tried to create a SIP trunk between Asterisk and a CUCM? If so has anyone enabled tls on the trunk? Would the tlscafile field in the Asterisk sip.conf be used to refer to the pem file provided by the CUCM? Is the purpose of tlscafile to refer to the other call manager's pem file? Or would the tlscafile field need to refer to the ca.crt file created for Asterisk using the asterisk ssl tls scripts? Attempting to...
2019 Jul 06
4
unsolved: Re: solved: how to create a working certificate for using TLS?
...tc/pki/ca-trust/source/ didn't seem to
make a difference, so I figured that this might be figured out automatically
since 'openssl s_client ...' apparently does figure it out automatically.
There is much figuring involved for the wanting of clear documentation ...
Now I've set 'tlscafile=/etc/pki/tls/certs/ca-bundle.crt' on the asterisk at
work, but that one didn't have issues with certificates after I made a new
one. I'll try the same at home when I get back to see if it makes a difference.
Is 'tlscafile' the correct option for this?
2012 Aug 20
1
Asterisk as TLS server as well as TLS client
...for
his clients and connected in both way in TLS with both others asterisk,
each having hi own Common Name. Is this possible?
I set up 2 asterik's , one server and the other client, this is OK. But
I can't deal with certificats generated on both servers.
I tried to put tlscertfile ans tlscafile in the peer definition, each
pointing to the certificate generated by the server, but that? not working.
Thanks for any hint.
--
Daniel
2015 Mar 03
6
TLS, SRTP, Asterisk11 and Snom870s
...f you have gotten this set-up (Asterisk11 with
Snom870s using TLS) to work and if so could you provide the details?
I have this in Asterisk sip.conf (loaded through FreePBXs
sip_general_additional.conf).
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
tlscafile=/etc/pki/tls/certs/ca-bundle.crt
tlsdontverifyserver=yes
tlscipher=ALL
tlsclientmethod=tlsv1
And I have this for the test device context:
[41712]
deny=0.0.0.0/0.0.0.0
secret=NearlyANastyThat
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend...
2015 Mar 03
2
TLS, SRTP, Asterisk11 and Snom870s
On Tue, March 3, 2015 13:37, James Cloos wrote:
>>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
>
> JBB> tcpenable=yes
> JBB> tlsenable=yes
> JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
> JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
> JBB> tlsdontverifyserver=yes
> JBB> tlscipher=ALL
> JBB> tlsclientmethod=tlsv1
>
> You are missing the tls key.
>
> The config name is tlsprivatekey; set that to the filename of your tls
> key, akin to how tlscertfile is set.
>...
2019 Jul 05
2
unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/5/19 9:32 PM, John Runyon wrote:
> On Fri, 5 Jul 2019 at 14:28, hw <hw at gc-24.de <mailto:hw at gc-24.de>> wrote:
>
> I thought about that and checked the configuration I've been using to
> create the certificate, and I can't see anywhere that it would expire
> earlier than after 3650 days. Is there another way to check this?
>
>
2016 May 04
2
Asterisk 1.8 secure SIP session only
Hello, I am trying to secure SIP session with TLS on Asterisk Server 1.8. I
keep getter an error,
== Problem setting up ssl connection: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection:
FILE * open failed!
I tried both signed and self-signed cert to no avail.
Here is my Configuration:
Sip.conf
2011 Jun 07
1
tls/srtp: sip_xmit error: returned -2
...es SAN).
My config for tls/srtp looks like this (remember, the rest works very
happily):
[global]
encryption = yes
tlsenable = yes
tlsbindaddr = 0.0.0.0
tlscertfile =
/path/to/asterisk/certificate/and/key/in/a/single/file
tlscafile = /path/to/CA/certificate
tlscipher = ALL
tlsclientmethod = tlsv1
[tls user]
transport = tls
Can someone give me any clues to what is happening? I've checked my
packet flow with tcpdump and wireshark as well, but I'...
2011 Mar 01
3
TLS/SRTP calls go to circuit busy.
...n,Playback(demo-echotest)
exten => 600,n,Echo()
exten => _X.,1,Dial(SIP/CM8/${EXTEN:0},30,rt)
[general]
tlsenable=yes
tlsbindaddr=172.16.200.60
;tlsprivatekey=/usr/local/ssl/misc/asteriskkey.pem
;tlscertfile=/usr/local/ssl/misc/asteriskcert.pem
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
;tlscafile=/usr/local/ssl/misc/demoCA/cacert.pem
tlsclientmethod=tlsv1
[6001]
type=friend
secret=erasmus123
callerid="Mitch-MacBook" <6001>
;nat=yes
host=dynamic
;canreinvite=no
context=myphones
allow=ulaw
allow=gsm
allow=g726
;transport=udp...
2015 Mar 03
0
TLS, SRTP, Asterisk11 and Snom870s
>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
JBB> tcpenable=yes
JBB> tlsenable=yes
JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
JBB> tlsdontverifyserver=yes
JBB> tlscipher=ALL
JBB> tlsclientmethod=tlsv1
You are missing the tls key.
The config name is tlsprivatekey; set that to the filename of your tls
key, akin to how tlscertfile is set.
-JimC
--
James Cloos <cloos at jhcloo...
2011 Apr 01
0
Incoming SRTP call not working with Bria iPhone Edition
...Dial("SIP/500-00000004", "SIP/400,20") in
new stack
== Using SIP RTP CoS mark 5
-- Called 400
SSL certificate ok
-- Nobody picked up in 20000 ms
}}}
My config files are :
* sip.conf :
{{{
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the
client
[400]
type=peer
secret=400 ;note that this is NOT a secure password
host=dynamic
context=local
dtmfmode=rfc2833
disallow=all
allow=g722,gsm
transport=tls
encryption=yes
context=...
2014 Feb 16
0
SIP TLS question for asterisk 11
...a middle of an asterisk installation/configuration for my company
and I'm testing the TLS configuration.
For this reason, I used the ast_tls_cert script to build the ssl
certificates for my server.
On sip.conf file:
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
and on my extension number configuration:
transport=tls
Finally, my phone was registered successfully on my asterisk server.
But, during my tests and while I switched on sip debug mode, I have seen
that on Register I have TLS and on S...
2014 Aug 12
0
Asterisk 11.11 with TCP/TLS SRTP and Grandstream gxp1450 not working
...utines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
WARNING[7421]: tcptls.c:668 handle_tcptls_connection: FILE * open failed!
Encryption is configured via
;-------------------------Encryption-----
encryption=yes
tlsenable=yes
tlsbindaddr=::
tlscertfile=/var/lib/asterisk/keys/asterisk.pem
tlscafile=/var/lib/asterisk/keys/ca.crt
tlscipher=ALL
srtpcapable=yes
;tlsclientmethod=tlsv1
tlsdontverifyserver=yes
and the phone is sourced by
context=default ; Default context for incoming calls
allowoverlap=no
udpbindaddr=::
tcpenable=yes
tcpbindaddr=::
srvlookup=yes
and
[IPV6](!,my...
2014 Aug 13
0
SRTP only from asterisk to extention possible
...t=yes
nat=force_rport,comedia
sendrpid=rpid
trustrpid=yes
language=de
callevents=yes
qualify=yes
faxdetect=yes
t38pt_udptl=no
disallow=all
allow=ulaw
allow=alaw
;-------------------------Encryption-----
encryption=yes
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/var/lib/asterisk/keys/asterisk.pem
tlscafile=/var/lib/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
tlsdontverifyserver=yes
;--------------------------Default----------------
context=default ; Default context for incoming calls
allowoverlap=no
udpbindaddr=0.0.0.0
tcpenable=yes
tcpbindaddr=0.0.0.0
srvlookup=yes
[my...
2013 Aug 12
0
Asterisk WebRTC Support : WSS connection setup fails with error:00000000
...that violates the
protocol
[Aug 12 06:50:10] WARNING[8037] tcptls.c: FILE * open failed!
************ config **********
my http.conf
---------------------
tlsenable=yes
tlsbindport=8089
tlsbindaddr=0.0.0.0
;tlscertfile=/etc/asterisk/keys/asterisk.crt
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlsprivatekey=/etc/asterisk/keys/asterisk.key
tlscipher=ALL
tlsclientmethod=tlsv1
;tlsverifyclient=no
;tlsdontverifyserver=yes
--
Rgds
astlov
2014 Mar 24
1
Problem with TLS/SRTP with Asterisk 11.8.1
...* open failed!
-- Unregistered SIP 'encrypted'
sip.conf looks like this:
[general]
context=guest
allowguest=no
allowoverlap=no
allowtransfer=no
bindaddr=0.0.0.0:5060
udpbindaddr=0.0.0.0:5060
tcpenable=no
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
transport=udp
preferred_codec_only=no
disallow=all
allow=ulaw
language=en
trustrpid=no
dtmfmode=rfc2833
videosupport=no
alwaysauthreject=yes
directmedia=no
jbenable = yes
jbforce = no
[encrypted]
type=friend
secret=1234
context=inte...
2013 Feb 06
1
TLS
...pany" -d /etc/
asterisk/keys -o 1002
sip.conf:
[general]
context = default
udpbindaddr = 0.0.0.0
tcpenable = no
tcpbindaddr = 0.0.0.0
allowguest = no
allow = ulaw
allow = alaw
allow = gsm
allow = g722
tlsenable = yes
tlsbindaddr = 0.0.0.0
tlscertfile = / etc / asterisk / keys / asterisk.pem
tlscafile = / etc / asterisk / keys / ca.crt
tlscipher = ALL
tlsclientmethod = TLSv1
[1001]
context = default
type = friend
username = 1001
secret = 1000
dtmfmode = rfc2833
callerid = 1001
host = dynamic
transport = tls
[1002]
context = default
type = friend
username = 1002
secret = 1002
dtmfmode = rfc283...
2015 Mar 03
0
TLS, SRTP, Asterisk11 and Snom870s
...ith
> Snom870s using TLS) to work and if so could you provide the details?
>
> I have this in Asterisk sip.conf (loaded through FreePBXs
> sip_general_additional.conf).
>
> tcpenable=yes
> tlsenable=yes
> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
> tlsdontverifyserver=yes
> tlscipher=ALL
> tlsclientmethod=tlsv1
>
> And I have this for the test device context:
>
> [41712]
> deny=0.0.0.0/0.0.0.0
> secret=NearlyANastyThat
> dtmfmode=rfc2833
> canreinvite=no
> context=from-in...
2015 Aug 11
2
webrtc no audio
...rks fine.
Any tips on how to solve this? Here's my relevant files.
*;sip.conf:*
[general]
udpbindaddr=0.0.0.0:5060
realm=10.201.0.106 ;replace with your Asterisk server public IP address or
host
transport=udp,ws,wss
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
[6000]
host=dynamic
secret=mysecret
context=default
type=friend
icesupport=yes
directmedia=no
disallow=all
allow=ulaw
qualify=yes
[6001]
host=dynamic
secret=mysecret
context=default
type=friend
encryption=yes
avpf=yes
force_avp=yes
ic...