search for: tlsenable

...Buster, I can't find a way to enable HTTPS. Asterisk is running as asterisk:asterisk: asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general] servername=Asterisk enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem ;tlsprivatekey=keys/asterisk.key # ls -lR /etc/asterisk/keys /etc/asterisk/keys: total 32 -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr -rw-rw-...

...terisk for WebRTC clients... https://wiki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients "To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows: [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=<your_cert_file> tlsprivatekey=<your_key_file> tlscafile=<your_ca_cert_file>" What is the tlscafile setting? When I look at the http.conf samples it doesn't mention the tlscafile setting. I see there is a tlscafile setting in sip...

...== Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed! I tried both signed and self-signed cert to no avail. Here is my Configuration: Sip.conf tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/box1.pem tlscapath=/etc/asterisk/keys tlscipher=ALL tlsclientmethod=tlsv1 sip.conf ext. [5006] type=peer context=sipext call-limit=3 trustrpid=no callerid="Rec" <5006> disallow=all allow=ulaw allow=alaw userna...

...s is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten this set-up (Asterisk11 with Snom870s using TLS) to work and if so could you provide the details? I have this in Asterisk sip.conf (loaded through FreePBXs sip_general_additional.conf). tcpenable=yes tlsenable=yes tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt tlscafile=/etc/pki/tls/certs/ca-bundle.crt tlsdontverifyserver=yes tlscipher=ALL tlsclientmethod=tlsv1 And I have this for the test device context: [41712] deny=0.0.0.0/0.0.0.0 secret=NearlyANastyThat dtmfmode=rfc2833 canreinvi...

Hi Alexey, This is what works for me: [http.conf]: tlsenable=yes ; enable tls - default no. tlsbindaddr=144.x.y.z:8089 ; address and port to bind to - default is bindaddr and port 8089. tlscertfile=/etc/asterisk/keys/mycert.pem ; path to the certificate file (*.pem) only. tlsprivatekey=/etc/asterisk/keys/mycert.pem ; path to private key file...

...; >> asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 >> /usr/sbin/asterisk -g -f -p -U asterisk >> >> # cat /etc/asterisk/http.conf >> [general] >> servername=Asterisk >> enabled=yes >> bindaddr=0.0.0.0 >> bindport=8088 >> tlsenable=yes >> tlsbindaddr=0.0.0.0:8089 >> tlscertfile=/etc/asterisk/keys/asterisk.pem >> ;tlsprivatekey=keys/asterisk.key >> >> # ls -lR /etc/asterisk/keys >> /etc/asterisk/keys: >> total 32 >> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt...

...on CLI : [Oct 26 14:38:19] ERROR[2992]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca [Oct 26 14:38:19] WARNING[2992]: tcptls.c:684 handle_tcptls_connection: FILE * open failed! I have in sip.conf : tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlsdontverifyserver=yes tlscipher=ALL ;tlsclientmethod=tlsv2 /etc/asterisk/keys : -rw------- 1 root root 1,2K okt 26 14:25 asterisk.crt -rw------- 1 root root 574 okt 26 14:24 asterisk.csr -rw------- 1 root root 887 okt 26 14:...

On Tue, March 3, 2015 13:37, James Cloos wrote: >>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB> tlscipher=ALL > JBB> tlsclientmethod=tlsv1 > > You are missing the tls key. > > The config n...

...7 asterisk.pem -rw------- 1 root root 161 nov. 18 20:46 ca.cfg -rw------- 1 root root 1781 nov. 18 20:46 ca.crt -rw------- 1 root root 3311 nov. 18 20:46 ca.key -rw------- 1 root root 124 nov. 18 20:46 tmp.cfg # cat /etc/asterisk/http.conf [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem But, still I don't have any HTTPS server running: # asterisk -rx "http show status" HTTP Server Status: Prefix: Server: Asterisk/17.0.0 Server Enabled and Bound to 0.0.0.0:8088 Enabled URI's: /httpstatus =...

...741352 67984 ? Ssl 17:53 0:06 >>> /usr/sbin/asterisk -g -f -p -U asterisk >>> >>> # cat /etc/asterisk/http.conf >>> [general] >>> servername=Asterisk >>> enabled=yes >>> bindaddr=0.0.0.0 >>> bindport=8088 >>> tlsenable=yes >>> tlsbindaddr=0.0.0.0:8089 >>> tlscertfile=/etc/asterisk/keys/asterisk.pem >>> ;tlsprivatekey=keys/asterisk.key >>> >>> # ls -lR /etc/asterisk/keys >>> /etc/asterisk/keys: >>> total 32 >>> -rw-rw-r-- 1 asterisk asterisk 1...

...sing my own CA setup for purposes beyond just this need, so I'm using openssl commands directly and everything works elsewhere- so my CA setup is fine (includes SAN). My config for tls/srtp looks like this (remember, the rest works very happily): [global] encryption = yes tlsenable = yes tlsbindaddr = 0.0.0.0 tlscertfile = /path/to/asterisk/certificate/and/key/in/a/single/file tlscafile = /path/to/CA/certificate tlscipher = ALL tlsclientmethod = tlsv1 [tls user] tra...

...ss [aor-single-reg](!) type=aor remove_existing=yes max_contacts=1 ;===============DEVICES [webrtc1](endpoint-basic) auth=webrtc1 aors=webrtc1 [webrtc1](auth-userpass) password=secret username=webrtc1 [webrtc1](aor-single-reg) relevant part of http.conf [general] enabled=yes bindaddr=0.0.0.0 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/pki/tls/certs/pbx.crt tlsprivatekey=/etc/pki/tls/private/pbx.key -- --------------------------------------- Marek Cervenka ======================================= -------------- next part -------------- An HTML attachment was scrubbed... URL: <htt...

...o host", I can't use our IAX outgoing trunks and the only way to get things working again is to restart Asterisk. Am I missing something silly here? Here is my sip.conf: [general] subscribecontext=sip-blf context=default disallow=all allow=alaw allow=ulaw allowguest=no tcpenable=no tlsenable=no srvlookup=no localnet=192.168.56.0/255.255.255.0 localnet=192.168.57.0/255.255.255.0 tos_sip=cs3 ; Sets TOS for SIP packets. tos_audio=ef ; Sets TOS for RTP audio packets. canreinvite=no dtmfmode = rfc2833 notifyringing=yes limitonpeers=yes callcounter=yes...

>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: JBB> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is tlsprivatekey; set that to the filen...

Kindly guide with debugging TLS issue in asterisk 11.16. Compiled from source and works all ok ! Added the below to sip.conf tlsenable=yes tlsbindaddr=0.0.0.0:5061 However asterisk doesn't even listen to port 5061 sudo netstat -anp Kindly guide Thanks Best, Chirag A. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150318/f466...

...isk is running as asterisk:asterisk: > > asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 > /usr/sbin/asterisk -g -f -p -U asterisk > > # cat /etc/asterisk/http.conf > [general] > servername=Asterisk > enabled=yes > bindaddr=0.0.0.0 > bindport=8088 > tlsenable=yes > tlsbindaddr=0.0.0.0:8089 > tlscertfile=/etc/asterisk/keys/asterisk.pem > ;tlsprivatekey=keys/asterisk.key > > # ls -lR /etc/asterisk/keys > /etc/asterisk/keys: > total 32 > -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt > -rw-rw-r-- 1 asterisk aster...

...icked up : {{{ == Using SIP RTP CoS mark 5 -- Executing [400 at local:1] Dial("SIP/500-00000004", "SIP/400,20") in new stack == Using SIP RTP CoS mark 5 -- Called 400 SSL certificate ok -- Nobody picked up in 20000 ms }}} My config files are : * sip.conf : {{{ tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client [400] type=peer secret=400 ;note that this is NOT a secure password host=dynamic context=local dtmfm...

Hi All, I'm on a middle of an asterisk installation/configuration for my company and I'm testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server. On sip.conf file: tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 and on my extension number configuration: transport=tls Finally, my phone was registered successfully on my asterisk server. But, during my tests and while I...

Hi all, i try to deactivate SRTP in asterisk 11. In sip.conf: tlsenable=no encryption=no transport=udp srtpcapable=no but when I try to make a call comes following message: [May 9 15:19:03] DEBUG[24745][C-00000086]: sip/sdp_crypto.c:285 sdp_crypto_process: Accepting crypto tag 1 [May 9 15:19:03] DEBUG[24745][C-00000086]: sip/sdp_crypto.c:310 sdp_crypto_offer: Crypt...

...certificate ok == Problem setting up ssl connection: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure WARNING[7421]: tcptls.c:668 handle_tcptls_connection: FILE * open failed! Encryption is configured via ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=:: tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL srtpcapable=yes ;tlsclientmethod=tlsv1 tlsdontverifyserver=yes and the phone is sourced by context=default ; Default context for incoming calls allowoverlap=no...