Displaying 14 results from an estimated 14 matches for "tlsdontverifyserv".
Did you mean:
tlsdontverifyserver
2016 Oct 26
2
Problem setting up ssl connection
...D_BYTES:tlsv1 alert unknown ca
> [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684
> handle_tcptls_connection: FILE * open failed!
>
> I have in sip.conf :
>
> tlsenable=yes
> tlsbindaddr=0.0.0.0
>
> tlscertfile=/etc/asterisk/keys/asterisk.pem
> tlsdontverifyserver=yes
> tlscipher=ALL
> ;tlsclientmethod=tlsv2
>
> /etc/asterisk/keys :
>
> -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt
> -rw------- 1 root root 574 okt 26 14:24 asterisk.csr
> -rw------- 1 root root 887 okt 26 14:24 asterisk.key
>...
2018 Feb 08
3
pjsip trunking configuration issue
...ss=X.Y.Z.D
external_signaling_address=X.Y.Z.D
verify_client=no
verify_server=no
allow_reload=yes
[twilio](!)
type=endpoint
transport=transport-tls
context=from-twilio
disallow=all
allow=ulaw
dtmf_mode=inband
media_encryption=sdes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
canreinvite=no
tlsdontverifyserver=yes
[auth-out](!)
type=auth
auth_type=userpass
[twilio]
aors=twilio-aors
[twilio-aors]
type=aor
contact=sips:trunkname.pstn.twilio.com:5061 ;tried with sip: also
[twilio]
type=identify
endpoint=twilio
match=54.172.60.0
match=54.172.60.1
match=54.172.60.2
match=54.172.60.3
[endpoint-basic](!...
2016 Oct 26
2
Problem setting up ssl connection
...Problem setting up ssl connection: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection:
FILE * open failed!
I have in sip.conf :
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsdontverifyserver=yes
tlscipher=ALL
;tlsclientmethod=tlsv2
/etc/asterisk/keys :
-rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt
-rw------- 1 root root 574 okt 26 14:24 asterisk.csr
-rw------- 1 root root 887 okt 26 14:24 asterisk.key
-rw------- 1 root root 2,1K okt 26 14:25 asterisk.pem
-rw------- 1 root...
2019 Jul 05
2
unsolved: Re: solved: how to create a working certificate for using TLS?
...been using to
> create the certificate, and I can't see anywhere that it would expire
> earlier than after 3650 days. Is there another way to check this?
>
> openssl verify -CAfile ca.crt server.crt
openssl verify -CAfile ca.pem asterisk.pem
asterisk.pem: OK
When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers
to the SIP provider and there is no error message). Otherwise I'm
getting the error message and asterisk does not register.
Reading the comments in sip.conf.sample, I would assume that asterisk
can not verify the certificate of the SIP provider. Yet...
2019 Jul 06
4
unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/6/19 10:40 AM, Michael Maier wrote:
> On 05.07.19 at 22:02 hw wrote:
>>
>> openssl verify -CAfile ca.pem asterisk.pem
>> asterisk.pem: OK
>>
>>
>> When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers
>> to the SIP provider and there is no error message). Otherwise I'm
>> getting the error message and asterisk does not register.
>>
>> Reading the comments in sip.conf.sample, I would assume that asterisk
>> can not verif...
2015 Mar 03
6
TLS, SRTP, Asterisk11 and Snom870s
...ith
Snom870s using TLS) to work and if so could you provide the details?
I have this in Asterisk sip.conf (loaded through FreePBXs
sip_general_additional.conf).
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
tlscafile=/etc/pki/tls/certs/ca-bundle.crt
tlsdontverifyserver=yes
tlscipher=ALL
tlsclientmethod=tlsv1
And I have this for the test device context:
[41712]
deny=0.0.0.0/0.0.0.0
secret=NearlyANastyThat
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
qualifyfreq=60
transpor...
2015 Mar 03
2
TLS, SRTP, Asterisk11 and Snom870s
...t;>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
>
> JBB> tcpenable=yes
> JBB> tlsenable=yes
> JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
> JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
> JBB> tlsdontverifyserver=yes
> JBB> tlscipher=ALL
> JBB> tlsclientmethod=tlsv1
>
> You are missing the tls key.
>
> The config name is tlsprivatekey; set that to the filename of your tls
> key, akin to how tlscertfile is set.
>
> -JimC
Thank you. The settings in sip_general_additional.c...
2015 Mar 03
0
TLS, SRTP, Asterisk11 and Snom870s
>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes:
JBB> tcpenable=yes
JBB> tlsenable=yes
JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
JBB> tlsdontverifyserver=yes
JBB> tlscipher=ALL
JBB> tlsclientmethod=tlsv1
You are missing the tls key.
The config name is tlsprivatekey; set that to the filename of your tls
key, akin to how tlscertfile is set.
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
2019 Jun 26
2
how to create a working certificate for using TLS?
...suddenly quit working today.
The certificate verifies just fine with
openssl verify -verbose -CAfile ca.crt asterisk.pem
Yet asterisk keeps saying:
tcptls.c:173 handle_tcptls_connection: Certificate did not verify: unable to get local issuer certificate
no matter what I do until I set 'tlsdontverifyserver=yes' in sip.conf.
Why doesn't the error message at least say which certificate it is
referring to?
Every time I have to deal with certificates, I hate that stuff more
and more ...
2014 Aug 12
0
Asterisk 11.11 with TCP/TLS SRTP and Grandstream gxp1450 not working
...e_tcptls_connection: FILE * open failed!
Encryption is configured via
;-------------------------Encryption-----
encryption=yes
tlsenable=yes
tlsbindaddr=::
tlscertfile=/var/lib/asterisk/keys/asterisk.pem
tlscafile=/var/lib/asterisk/keys/ca.crt
tlscipher=ALL
srtpcapable=yes
;tlsclientmethod=tlsv1
tlsdontverifyserver=yes
and the phone is sourced by
context=default ; Default context for incoming calls
allowoverlap=no
udpbindaddr=::
tcpenable=yes
tcpbindaddr=::
srvlookup=yes
and
[IPV6](!,my-codecs)
dtmfmode=rfc2833
context=sip-out
type=friend
host=dynamic
transport=tls
encryption=yes
nat=no...
2014 Aug 13
0
SRTP only from asterisk to extention possible
...ents=yes
qualify=yes
faxdetect=yes
t38pt_udptl=no
disallow=all
allow=ulaw
allow=alaw
;-------------------------Encryption-----
encryption=yes
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/var/lib/asterisk/keys/asterisk.pem
tlscafile=/var/lib/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
tlsdontverifyserver=yes
;--------------------------Default----------------
context=default ; Default context for incoming calls
allowoverlap=no
udpbindaddr=0.0.0.0
tcpenable=yes
tcpbindaddr=0.0.0.0
srvlookup=yes
[my-codecs](!) ; a template for my preferred codecs
disallow=all
allo...
2013 Aug 12
0
Asterisk WebRTC Support : WSS connection setup fails with error:00000000
...-------------------
tlsenable=yes
tlsbindport=8089
tlsbindaddr=0.0.0.0
;tlscertfile=/etc/asterisk/keys/asterisk.crt
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlsprivatekey=/etc/asterisk/keys/asterisk.key
tlscipher=ALL
tlsclientmethod=tlsv1
;tlsverifyclient=no
;tlsdontverifyserver=yes
--
Rgds
astlov
2019 Jul 05
3
unsolved: Re: solved: how to create a working certificate for using TLS?
On 7/5/19 9:22 PM, Steve Murphy wrote:
> hw--
>
> I see this kind of behavior when the certificate expires... you've
> probably checked this, but sometimes we
> miss little details like that.
I thought about that and checked the configuration I've been using to
create the certificate, and I can't see anywhere that it would expire
earlier than after 3650 days. Is
2015 Mar 03
0
TLS, SRTP, Asterisk11 and Snom870s
...ould you provide the details?
>
> I have this in Asterisk sip.conf (loaded through FreePBXs
> sip_general_additional.conf).
>
> tcpenable=yes
> tlsenable=yes
> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt
> tlscafile=/etc/pki/tls/certs/ca-bundle.crt
> tlsdontverifyserver=yes
> tlscipher=ALL
> tlsclientmethod=tlsv1
>
> And I have this for the test device context:
>
> [41712]
> deny=0.0.0.0/0.0.0.0
> secret=NearlyANastyThat
> dtmfmode=rfc2833
> canreinvite=no
> context=from-internal
> host=dynamic
> trustrpid=yes
> sendrpid...