search for: tlsdontverifyserv

...D_BYTES:tlsv1 alert unknown ca > [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 > handle_tcptls_connection: FILE * open failed! > > I have in sip.conf : > > tlsenable=yes > tlsbindaddr=0.0.0.0 > > tlscertfile=/etc/asterisk/keys/asterisk.pem > tlsdontverifyserver=yes > tlscipher=ALL > ;tlsclientmethod=tlsv2 > > /etc/asterisk/keys : > > -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt > -rw------- 1 root root 574 okt 26 14:24 asterisk.csr > -rw------- 1 root root 887 okt 26 14:24 asterisk.key >...

...ss=X.Y.Z.D external_signaling_address=X.Y.Z.D verify_client=no verify_server=no allow_reload=yes [twilio](!) type=endpoint transport=transport-tls context=from-twilio disallow=all allow=ulaw dtmf_mode=inband media_encryption=sdes rtp_symmetric=yes rewrite_contact=yes force_rport=yes canreinvite=no tlsdontverifyserver=yes [auth-out](!) type=auth auth_type=userpass [twilio] aors=twilio-aors [twilio-aors] type=aor contact=sips:trunkname.pstn.twilio.com:5061 ;tried with sip: also [twilio] type=identify endpoint=twilio match=54.172.60.0 match=54.172.60.1 match=54.172.60.2 match=54.172.60.3 [endpoint-basic](!...

...Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection: FILE * open failed! I have in sip.conf : tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlsdontverifyserver=yes tlscipher=ALL ;tlsclientmethod=tlsv2 /etc/asterisk/keys : -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt -rw------- 1 root root 574 okt 26 14:24 asterisk.csr -rw------- 1 root root 887 okt 26 14:24 asterisk.key -rw------- 1 root root 2,1K okt 26 14:25 asterisk.pem -rw------- 1 root...

...been using to > create the certificate, and I can't see anywhere that it would expire > earlier than after 3650 days.  Is there another way to check this? > > openssl verify -CAfile ca.crt server.crt openssl verify -CAfile ca.pem asterisk.pem asterisk.pem: OK When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers to the SIP provider and there is no error message). Otherwise I'm getting the error message and asterisk does not register. Reading the comments in sip.conf.sample, I would assume that asterisk can not verify the certificate of the SIP provider. Yet...

On 7/6/19 10:40 AM, Michael Maier wrote: > On 05.07.19 at 22:02 hw wrote: >> >> openssl verify -CAfile ca.pem asterisk.pem >> asterisk.pem: OK >> >> >> When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers >> to the SIP provider and there is no error message).  Otherwise I'm >> getting the error message and asterisk does not register. >> >> Reading the comments in sip.conf.sample, I would assume that asterisk >> can not verif...

...ith Snom870s using TLS) to work and if so could you provide the details? I have this in Asterisk sip.conf (loaded through FreePBXs sip_general_additional.conf). tcpenable=yes tlsenable=yes tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt tlscafile=/etc/pki/tls/certs/ca-bundle.crt tlsdontverifyserver=yes tlscipher=ALL tlsclientmethod=tlsv1 And I have this for the test device context: [41712] deny=0.0.0.0/0.0.0.0 secret=NearlyANastyThat dtmfmode=rfc2833 canreinvite=no context=from-internal host=dynamic trustrpid=yes sendrpid=no type=friend nat=no port=5060 qualify=yes qualifyfreq=60 transpor...

...t;>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB> tlscipher=ALL > JBB> tlsclientmethod=tlsv1 > > You are missing the tls key. > > The config name is tlsprivatekey; set that to the filename of your tls > key, akin to how tlscertfile is set. > > -JimC Thank you. The settings in sip_general_additional.c...

>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: JBB> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is tlsprivatekey; set that to the filename of your tls key, akin to how tlscertfile is set. -JimC -- James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

...suddenly quit working today. The certificate verifies just fine with openssl verify -verbose -CAfile ca.crt asterisk.pem Yet asterisk keeps saying: tcptls.c:173 handle_tcptls_connection: Certificate did not verify: unable to get local issuer certificate no matter what I do until I set 'tlsdontverifyserver=yes' in sip.conf. Why doesn't the error message at least say which certificate it is referring to? Every time I have to deal with certificates, I hate that stuff more and more ...

...e_tcptls_connection: FILE * open failed! Encryption is configured via ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=:: tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL srtpcapable=yes ;tlsclientmethod=tlsv1 tlsdontverifyserver=yes and the phone is sourced by context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=:: tcpenable=yes tcpbindaddr=:: srvlookup=yes and [IPV6](!,my-codecs) dtmfmode=rfc2833 context=sip-out type=friend host=dynamic transport=tls encryption=yes nat=no...

...ents=yes qualify=yes faxdetect=yes t38pt_udptl=no disallow=all allow=ulaw allow=alaw ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 tlsdontverifyserver=yes ;--------------------------Default---------------- context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=0.0.0.0 tcpenable=yes tcpbindaddr=0.0.0.0 srvlookup=yes [my-codecs](!) ; a template for my preferred codecs disallow=all allo...

...------------------- tlsenable=yes tlsbindport=8089 tlsbindaddr=0.0.0.0 ;tlscertfile=/etc/asterisk/keys/asterisk.crt tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlsprivatekey=/etc/asterisk/keys/asterisk.key tlscipher=ALL tlsclientmethod=tlsv1 ;tlsverifyclient=no ;tlsdontverifyserver=yes -- Rgds astlov

On 7/5/19 9:22 PM, Steve Murphy wrote: > hw-- > > I see this kind of behavior when the certificate expires... you've > probably checked this, but sometimes we > miss little details like that. I thought about that and checked the configuration I've been using to create the certificate, and I can't see anywhere that it would expire earlier than after 3650 days. Is

...ould you provide the details? > > I have this in Asterisk sip.conf (loaded through FreePBXs > sip_general_additional.conf). > > tcpenable=yes > tlsenable=yes > tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > tlscafile=/etc/pki/tls/certs/ca-bundle.crt > tlsdontverifyserver=yes > tlscipher=ALL > tlsclientmethod=tlsv1 > > And I have this for the test device context: > > [41712] > deny=0.0.0.0/0.0.0.0 > secret=NearlyANastyThat > dtmfmode=rfc2833 > canreinvite=no > context=from-internal > host=dynamic > trustrpid=yes > sendrpid...