search for: tlscapath

...D_BYTES:tlsv1 alert unknown ca [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed! I tried both signed and self-signed cert to no avail. Here is my Configuration: Sip.conf tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/box1.pem tlscapath=/etc/asterisk/keys tlscipher=ALL tlsclientmethod=tlsv1 sip.conf ext. [5006] type=peer context=sipext call-limit=3 trustrpid=no callerid="Rec" <5006> disallow=all allow=ulaw allow=alaw username=5006 secret=9fcbb025200881850526bc57d59885c3 dtmfmode=rfc2833 host=dyna...

...ting to asterisk using encryption, so I suppose my own certificate is required. > To be able to verify the certificate of the ISP, asterisk has to know the local CA database. For CentOS 7, this is /etc/pki/tls/certs/ca-bundle.crt. How did you know I'm doing this on Centos? :) Setting 'tlscapath' to /etc/pki or to /etc/pki/ca-trust/source/ didn't seem to make a difference, so I figured that this might be figured out automatically since 'openssl s_client ...' apparently does figure it out automatically. There is much figuring involved for the wanting of clear documentation ....

On 7/5/19 9:32 PM, John Runyon wrote: > On Fri, 5 Jul 2019 at 14:28, hw <hw at gc-24.de <mailto:hw at gc-24.de>> wrote: > > I thought about that and checked the configuration I've been using to > create the certificate, and I can't see anywhere that it would expire > earlier than after 3650 days.  Is there another way to check this? > >