search for: tlscertfil

..." section, instead of 'ls -w 1 /etc/asterisk/keys', could a 'ls -l /etc/asterisk/keys' be used ? This would help to check file permissions. If possible, having those file permissions shown when Asterisk is run as asterisk:asterisk would be very helpful. 2. Instead of a generic tlscertfile=<your_cert_file> tlsprivatekey=<your_key_file> could a specific writing be preferred tlscertfile=/etc/asterisk/keys/asterisk.crt tlsprivatekey=/etc/asterisk/keys/asterisk.key This would be consistent with the "We'll use the asterisk.crt, asterisk.key and ca.crt" text, a...

...rdinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten this set-up (Asterisk11 with Snom870s using TLS) to work and if so could you provide the details? I have this in Asterisk sip.conf (loaded through FreePBXs sip_general_additional.conf). tcpenable=yes tlsenable=yes tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt tlscafile=/etc/pki/tls/certs/ca-bundle.crt tlsdontverifyserver=yes tlscipher=ALL tlsclientmethod=tlsv1 And I have this for the test device context: [41712] deny=0.0.0.0/0.0.0.0 secret=NearlyANastyThat dtmfmode=rfc2833 canreinvite=no context=f...

On Tue, March 3, 2015 13:37, James Cloos wrote: >>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB> tlscipher=ALL > JBB> tlsclientmethod=tlsv1 > > You are missing the tls key. > > The config name is tlsprivatekey; set th...

...e HTTPS. Asterisk is running as asterisk:asterisk: asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general] servername=Asterisk enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem ;tlsprivatekey=keys/asterisk.key # ls -lR /etc/asterisk/keys /etc/asterisk/keys: total 32 -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr -rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15...

...iki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients "To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows: [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=<your_cert_file> tlsprivatekey=<your_key_file> tlscafile=<your_ca_cert_file>" What is the tlscafile setting? When I look at the http.conf samples it doesn't mention the tlscafile setting. I see there is a tlscafile setting in sip.conf, but I don't find this anywher...

...being TLS server for his clients and connected in both way in TLS with both others asterisk, each having hi own Common Name. Is this possible? I set up 2 asterik's , one server and the other client, this is OK. But I can't deal with certificats generated on both servers. I tried to put tlscertfile ans tlscafile in the peer definition, each pointing to the certificate generated by the server, but that? not working. Thanks for any hint. -- Daniel

...ion: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed! I tried both signed and self-signed cert to no avail. Here is my Configuration: Sip.conf tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/box1.pem tlscapath=/etc/asterisk/keys tlscipher=ALL tlsclientmethod=tlsv1 sip.conf ext. [5006] type=peer context=sipext call-limit=3 trustrpid=no callerid="Rec" <5006> disallow=all allow=ulaw allow=alaw username=5006 secret=9fcbb025200881850526b...

>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: JBB> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is tlsprivatekey; set that to the filename of your tls key, ak...

...tcptls.c: == Problem setting up ssl connection:ret=0, ssl_err=5, an EOF was observed that violates the protocol [Aug 12 06:50:10] WARNING[8037] tcptls.c: FILE * open failed! ************ config ********** my http.conf --------------------- tlsenable=yes tlsbindport=8089 tlsbindaddr=0.0.0.0 ;tlscertfile=/etc/asterisk/keys/asterisk.crt tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlsprivatekey=/etc/asterisk/keys/asterisk.key tlscipher=ALL tlsclientmethod=tlsv1 ;tlsverifyclient=no ;tlsdontverifyserver=yes -- Rgds astlov

Hi Alexey, This is what works for me: [http.conf]: tlsenable=yes ; enable tls - default no. tlsbindaddr=144.x.y.z:8089 ; address and port to bind to - default is bindaddr and port 8089. tlscertfile=/etc/asterisk/keys/mycert.pem ; path to the certificate file (*.pem) only. tlsprivatekey=/etc/asterisk/keys/mycert.pem ; path to private key file (*.pem) only. Date: Tue, 13 Jan 2015 10:02:08 +0000 From: Alexej Starschenko <a.starschenko at sabienzia.com> To: "asterisk-users at li...

...Ssl 17:53 0:06 >> /usr/sbin/asterisk -g -f -p -U asterisk >> >> # cat /etc/asterisk/http.conf >> [general] >> servername=Asterisk >> enabled=yes >> bindaddr=0.0.0.0 >> bindport=8088 >> tlsenable=yes >> tlsbindaddr=0.0.0.0:8089 >> tlscertfile=/etc/asterisk/keys/asterisk.pem >> ;tlsprivatekey=keys/asterisk.key >> >> # ls -lR /etc/asterisk/keys >> /etc/asterisk/keys: >> total 32 >> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt >> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:5...

...992]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection: FILE * open failed! I have in sip.conf : tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlsdontverifyserver=yes tlscipher=ALL ;tlsclientmethod=tlsv2 /etc/asterisk/keys : -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt -rw------- 1 root root 574 okt 26 14:24 asterisk.csr -rw------- 1 root root 887 okt 26 14:24 asterisk.key -rw------- 1 root ro...

...161 nov. 18 20:46 ca.cfg -rw------- 1 root root 1781 nov. 18 20:46 ca.crt -rw------- 1 root root 3311 nov. 18 20:46 ca.key -rw------- 1 root root 124 nov. 18 20:46 tmp.cfg # cat /etc/asterisk/http.conf [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem But, still I don't have any HTTPS server running: # asterisk -rx "http show status" HTTP Server Status: Prefix: Server: Asterisk/17.0.0 Server Enabled and Bound to 0.0.0.0:8088 Enabled URI's: /httpstatus => Asterisk HTTP General Status /stati...

...terisk -g -f -p -U asterisk >>> >>> # cat /etc/asterisk/http.conf >>> [general] >>> servername=Asterisk >>> enabled=yes >>> bindaddr=0.0.0.0 >>> bindport=8088 >>> tlsenable=yes >>> tlsbindaddr=0.0.0.0:8089 >>> tlscertfile=/etc/asterisk/keys/asterisk.pem >>> ;tlsprivatekey=keys/asterisk.key >>> >>> # ls -lR /etc/asterisk/keys >>> /etc/asterisk/keys: >>> total 32 >>> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt >>> -rw-rw-r-- 1 asterisk...

...penssl commands directly and everything works elsewhere- so my CA setup is fine (includes SAN). My config for tls/srtp looks like this (remember, the rest works very happily): [global] encryption = yes tlsenable = yes tlsbindaddr = 0.0.0.0 tlscertfile = /path/to/asterisk/certificate/and/key/in/a/single/file tlscafile = /path/to/CA/certificate tlscipher = ALL tlsclientmethod = tlsv1 [tls user] transport = tls Can someone give me any clues to what is happ...

..._existing=yes max_contacts=1 ;===============DEVICES [webrtc1](endpoint-basic) auth=webrtc1 aors=webrtc1 [webrtc1](auth-userpass) password=secret username=webrtc1 [webrtc1](aor-single-reg) relevant part of http.conf [general] enabled=yes bindaddr=0.0.0.0 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/pki/tls/certs/pbx.crt tlsprivatekey=/etc/pki/tls/private/pbx.key -- --------------------------------------- Marek Cervenka ======================================= -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-...

...0,n,NOOp( SECURE media ${CHANNEL(secure_media)} ) exten => 600,n,Answer() exten => 600,n,Playback(demo-echotest) exten => 600,n,Echo() exten => _X.,1,Dial(SIP/CM8/${EXTEN:0},30,rt) [general] tlsenable=yes tlsbindaddr=172.16.200.60 ;tlsprivatekey=/usr/local/ssl/misc/asteriskkey.pem ;tlscertfile=/usr/local/ssl/misc/asteriskcert.pem tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL ;tlscafile=/usr/local/ssl/misc/demoCA/cacert.pem tlsclientmethod=tlsv1 [6001] type=friend secret=erasmus123 callerid="Mitch-MacBook" <6001> ;nat=yes h...

...terisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 > /usr/sbin/asterisk -g -f -p -U asterisk > > # cat /etc/asterisk/http.conf > [general] > servername=Asterisk > enabled=yes > bindaddr=0.0.0.0 > bindport=8088 > tlsenable=yes > tlsbindaddr=0.0.0.0:8089 > tlscertfile=/etc/asterisk/keys/asterisk.pem > ;tlsprivatekey=keys/asterisk.key > > # ls -lR /etc/asterisk/keys > /etc/asterisk/keys: > total 32 > -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt > -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr > -rw-rw-r...

...CoS mark 5 -- Executing [400 at local:1] Dial("SIP/500-00000004", "SIP/400,20") in new stack == Using SIP RTP CoS mark 5 -- Called 400 SSL certificate ok -- Nobody picked up in 20000 ms }}} My config files are : * sip.conf : {{{ tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client [400] type=peer secret=400 ;note that this is NOT a secure password host=dynamic context=local dtmfmode=rfc2833 disallow=all allow=g722...

Hi All, I'm on a middle of an asterisk installation/configuration for my company and I'm testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server. On sip.conf file: tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 and on my extension number configuration: transport=tls Finally, my phone was registered successfully on my asterisk server. But, during my tests and while I switched on sip debug mode, I have...