Displaying 20 results from an estimated 41 matches for "tlscertfil".
Did you mean:
tlscertfile
2020 Jan 07
1
Improve Wiki's "WebRTC config" page
..." section, instead of 'ls -w 1
/etc/asterisk/keys', could a 'ls -l /etc/asterisk/keys' be used ?
This would help to check file permissions.
If possible, having those file permissions shown when Asterisk is run as
asterisk:asterisk would be very helpful.
2. Instead of a generic
tlscertfile=<your_cert_file>
tlsprivatekey=<your_key_file>
could a specific writing be preferred
tlscertfile=/etc/asterisk/keys/asterisk.crt
tlsprivatekey=/etc/asterisk/keys/asterisk.key
This would be consistent with the "We'll use the asterisk.crt, asterisk.key
and ca.crt" text, a...
2015 Mar 03
6
TLS, SRTP, Asterisk11 and Snom870s
...rdinarily (to me) Byzantine environemnt I am
going to ask if any of you have gotten this set-up (Asterisk11 with
Snom870s using TLS) to work and if so could you provide the details?
I have this in Asterisk sip.conf (loaded through FreePBXs
sip_general_additional.conf).
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
tlscafile=/etc/pki/tls/certs/ca-bundle.crt
tlsdontverifyserver=yes
tlscipher=ALL
tlsclientmethod=tlsv1
And I have this for the test device context:
[41712]
deny=0.0.0.0/0.0.0.0
secret=NearlyANastyThat
dtmfmode=rfc2833
canreinvite=no
context=f...
2015 Mar 03
2
TLS, SRTP, Asterisk11 and Snom870s
On Tue, March 3, 2015 13:37, James Cloos wrote:
>>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
>
> JBB> tcpenable=yes
> JBB> tlsenable=yes
> JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
> JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
> JBB> tlsdontverifyserver=yes
> JBB> tlscipher=ALL
> JBB> tlsclientmethod=tlsv1
>
> You are missing the tls key.
>
> The config name is tlsprivatekey; set th...
2020 Jan 06
4
TLS/SSL error loading cert file. </etc/asterisk/keys/asterisk.pem>
...e HTTPS.
Asterisk is running as asterisk:asterisk:
asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06
/usr/sbin/asterisk -g -f -p -U asterisk
# cat /etc/asterisk/http.conf
[general]
servername=Asterisk
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/asterisk/keys/asterisk.pem
;tlsprivatekey=keys/asterisk.key
# ls -lR /etc/asterisk/keys
/etc/asterisk/keys:
total 32
-rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
-rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr
-rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15...
2018 Dec 07
2
Question on WebRTC configuration
...iki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients
"To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows:
[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=<your_cert_file>
tlsprivatekey=<your_key_file>
tlscafile=<your_ca_cert_file>"
What is the tlscafile setting?
When I look at the http.conf samples it doesn't mention the tlscafile setting.
I see there is a tlscafile setting in sip.conf, but I don't find this anywher...
2012 Aug 20
1
Asterisk as TLS server as well as TLS client
...being TLS server for
his clients and connected in both way in TLS with both others asterisk,
each having hi own Common Name. Is this possible?
I set up 2 asterik's , one server and the other client, this is OK. But
I can't deal with certificats generated on both servers.
I tried to put tlscertfile ans tlscafile in the peer definition, each
pointing to the certificate generated by the server, but that? not working.
Thanks for any hint.
--
Daniel
2016 May 04
2
Asterisk 1.8 secure SIP session only
...ion: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection:
FILE * open failed!
I tried both signed and self-signed cert to no avail.
Here is my Configuration:
Sip.conf
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/box1.pem
tlscapath=/etc/asterisk/keys
tlscipher=ALL
tlsclientmethod=tlsv1
sip.conf ext.
[5006]
type=peer
context=sipext
call-limit=3
trustrpid=no
callerid="Rec" <5006>
disallow=all
allow=ulaw
allow=alaw
username=5006
secret=9fcbb025200881850526b...
2015 Mar 03
0
TLS, SRTP, Asterisk11 and Snom870s
>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
JBB> tcpenable=yes
JBB> tlsenable=yes
JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
JBB> tlsdontverifyserver=yes
JBB> tlscipher=ALL
JBB> tlsclientmethod=tlsv1
You are missing the tls key.
The config name is tlsprivatekey; set that to the filename of your tls
key, ak...
2013 Aug 12
0
Asterisk WebRTC Support : WSS connection setup fails with error:00000000
...tcptls.c: == Problem setting up ssl
connection:ret=0, ssl_err=5, an EOF was observed that violates the
protocol
[Aug 12 06:50:10] WARNING[8037] tcptls.c: FILE * open failed!
************ config **********
my http.conf
---------------------
tlsenable=yes
tlsbindport=8089
tlsbindaddr=0.0.0.0
;tlscertfile=/etc/asterisk/keys/asterisk.crt
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlsprivatekey=/etc/asterisk/keys/asterisk.key
tlscipher=ALL
tlsclientmethod=tlsv1
;tlsverifyclient=no
;tlsdontverifyserver=yes
--
Rgds
astlov
2015 Jan 14
1
WSS Socket Configuration
Hi Alexey,
This is what works for me:
[http.conf]:
tlsenable=yes ; enable tls - default no.
tlsbindaddr=144.x.y.z:8089 ; address and port to bind to - default is
bindaddr and port 8089.
tlscertfile=/etc/asterisk/keys/mycert.pem ; path to the certificate
file (*.pem) only.
tlsprivatekey=/etc/asterisk/keys/mycert.pem ; path to private key file
(*.pem) only.
Date: Tue, 13 Jan 2015 10:02:08 +0000
From: Alexej Starschenko <a.starschenko at sabienzia.com>
To: "asterisk-users at li...
2020 Jan 08
2
TLS/SSL error loading cert file. </etc/asterisk/keys/asterisk.pem> [Almost SOLVED]
...Ssl 17:53 0:06
>> /usr/sbin/asterisk -g -f -p -U asterisk
>>
>> # cat /etc/asterisk/http.conf
>> [general]
>> servername=Asterisk
>> enabled=yes
>> bindaddr=0.0.0.0
>> bindport=8088
>> tlsenable=yes
>> tlsbindaddr=0.0.0.0:8089
>> tlscertfile=/etc/asterisk/keys/asterisk.pem
>> ;tlsprivatekey=keys/asterisk.key
>>
>> # ls -lR /etc/asterisk/keys
>> /etc/asterisk/keys:
>> total 32
>> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
>> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:5...
2016 Oct 26
2
Problem setting up ssl connection
...992]: tcptls.c:609 handle_tcptls_connection:
Problem setting up ssl connection: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection:
FILE * open failed!
I have in sip.conf :
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsdontverifyserver=yes
tlscipher=ALL
;tlsclientmethod=tlsv2
/etc/asterisk/keys :
-rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt
-rw------- 1 root root 574 okt 26 14:24 asterisk.csr
-rw------- 1 root root 887 okt 26 14:24 asterisk.key
-rw------- 1 root ro...
2019 Nov 18
2
How to set http.conf for HTTPS support on Debian Buster ?
...161 nov. 18 20:46 ca.cfg
-rw------- 1 root root 1781 nov. 18 20:46 ca.crt
-rw------- 1 root root 3311 nov. 18 20:46 ca.key
-rw------- 1 root root 124 nov. 18 20:46 tmp.cfg
# cat /etc/asterisk/http.conf
[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/asterisk/keys/asterisk.pem
But, still I don't have any HTTPS server running:
# asterisk -rx "http show status"
HTTP Server Status:
Prefix:
Server: Asterisk/17.0.0
Server Enabled and Bound to 0.0.0.0:8088
Enabled URI's:
/httpstatus => Asterisk HTTP General Status
/stati...
2020 Apr 17
0
[SOLVED]Re: TLS/SSL error loading cert file. </etc/asterisk/keys/asterisk.pem> [Almost SOLVED]
...terisk -g -f -p -U asterisk
>>>
>>> # cat /etc/asterisk/http.conf
>>> [general]
>>> servername=Asterisk
>>> enabled=yes
>>> bindaddr=0.0.0.0
>>> bindport=8088
>>> tlsenable=yes
>>> tlsbindaddr=0.0.0.0:8089
>>> tlscertfile=/etc/asterisk/keys/asterisk.pem
>>> ;tlsprivatekey=keys/asterisk.key
>>>
>>> # ls -lR /etc/asterisk/keys
>>> /etc/asterisk/keys:
>>> total 32
>>> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
>>> -rw-rw-r-- 1 asterisk...
2011 Jun 07
1
tls/srtp: sip_xmit error: returned -2
...penssl commands directly and everything works elsewhere- so my CA
setup is fine (includes SAN).
My config for tls/srtp looks like this (remember, the rest works very
happily):
[global]
encryption = yes
tlsenable = yes
tlsbindaddr = 0.0.0.0
tlscertfile =
/path/to/asterisk/certificate/and/key/in/a/single/file
tlscafile = /path/to/CA/certificate
tlscipher = ALL
tlsclientmethod = tlsv1
[tls user]
transport = tls
Can someone give me any clues to what is happ...
2015 Sep 15
3
Asterisk 13 WebRTC Status report
..._existing=yes
max_contacts=1
;===============DEVICES
[webrtc1](endpoint-basic)
auth=webrtc1
aors=webrtc1
[webrtc1](auth-userpass)
password=secret
username=webrtc1
[webrtc1](aor-single-reg)
relevant part of http.conf
[general]
enabled=yes
bindaddr=0.0.0.0
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/pki/tls/certs/pbx.crt
tlsprivatekey=/etc/pki/tls/private/pbx.key
--
---------------------------------------
Marek Cervenka
=======================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-...
2011 Mar 01
3
TLS/SRTP calls go to circuit busy.
...0,n,NOOp( SECURE media ${CHANNEL(secure_media)} )
exten => 600,n,Answer()
exten => 600,n,Playback(demo-echotest)
exten => 600,n,Echo()
exten => _X.,1,Dial(SIP/CM8/${EXTEN:0},30,rt)
[general]
tlsenable=yes
tlsbindaddr=172.16.200.60
;tlsprivatekey=/usr/local/ssl/misc/asteriskkey.pem
;tlscertfile=/usr/local/ssl/misc/asteriskcert.pem
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
;tlscafile=/usr/local/ssl/misc/demoCA/cacert.pem
tlsclientmethod=tlsv1
[6001]
type=friend
secret=erasmus123
callerid="Mitch-MacBook" <6001>
;nat=yes
h...
2020 Jan 06
0
TLS/SSL error loading cert file. </etc/asterisk/keys/asterisk.pem>
...terisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06
> /usr/sbin/asterisk -g -f -p -U asterisk
>
> # cat /etc/asterisk/http.conf
> [general]
> servername=Asterisk
> enabled=yes
> bindaddr=0.0.0.0
> bindport=8088
> tlsenable=yes
> tlsbindaddr=0.0.0.0:8089
> tlscertfile=/etc/asterisk/keys/asterisk.pem
> ;tlsprivatekey=keys/asterisk.key
>
> # ls -lR /etc/asterisk/keys
> /etc/asterisk/keys:
> total 32
> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr
> -rw-rw-r...
2011 Apr 01
0
Incoming SRTP call not working with Bria iPhone Edition
...CoS mark 5
-- Executing [400 at local:1] Dial("SIP/500-00000004", "SIP/400,20") in
new stack
== Using SIP RTP CoS mark 5
-- Called 400
SSL certificate ok
-- Nobody picked up in 20000 ms
}}}
My config files are :
* sip.conf :
{{{
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the
client
[400]
type=peer
secret=400 ;note that this is NOT a secure password
host=dynamic
context=local
dtmfmode=rfc2833
disallow=all
allow=g722...
2014 Feb 16
0
SIP TLS question for asterisk 11
Hi All,
I'm on a middle of an asterisk installation/configuration for my company
and I'm testing the TLS configuration.
For this reason, I used the ast_tls_cert script to build the ssl
certificates for my server.
On sip.conf file:
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
and on my extension number configuration:
transport=tls
Finally, my phone was registered successfully on my asterisk server.
But, during my tests and while I switched on sip debug mode, I have...