search for: tlsprivatekey

...-w 1 /etc/asterisk/keys', could a 'ls -l /etc/asterisk/keys' be used ? This would help to check file permissions. If possible, having those file permissions shown when Asterisk is run as asterisk:asterisk would be very helpful. 2. Instead of a generic tlscertfile=<your_cert_file> tlsprivatekey=<your_key_file> could a specific writing be preferred tlscertfile=/etc/asterisk/keys/asterisk.crt tlsprivatekey=/etc/asterisk/keys/asterisk.key This would be consistent with the "We'll use the asterisk.crt, asterisk.key and ca.crt" text, a couple of lines above. 3. If I'm...

...risk: asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general] servername=Asterisk enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem ;tlsprivatekey=keys/asterisk.key # ls -lR /etc/asterisk/keys /etc/asterisk/keys: total 32 -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr -rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15:59 asterisk.key -rw-rw-r-- 1 asterisk asterisk...

...onfiguring+Asterisk+for+WebRTC+Clients "To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows: [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=<your_cert_file> tlsprivatekey=<your_key_file> tlscafile=<your_ca_cert_file>" What is the tlscafile setting? When I look at the http.conf samples it doesn't mention the tlscafile setting. I see there is a tlscafile setting in sip.conf, but I don't find this anywhere else. Is the wiki web page mistaken...

Hi Alexey, This is what works for me: [http.conf]: tlsenable=yes ; enable tls - default no. tlsbindaddr=144.x.y.z:8089 ; address and port to bind to - default is bindaddr and port 8089. tlscertfile=/etc/asterisk/keys/mycert.pem ; path to the certificate file (*.pem) only. tlsprivatekey=/etc/asterisk/keys/mycert.pem ; path to private key file (*.pem) only. Date: Tue, 13 Jan 2015 10:02:08 +0000 From: Alexej Starschenko <a.starschenko at sabienzia.com> To: "asterisk-users at lists.digium.com" <asterisk-users at lists.digium.com> Subject: [asterisk-users] WSS...

...p -U asterisk >> >> # cat /etc/asterisk/http.conf >> [general] >> servername=Asterisk >> enabled=yes >> bindaddr=0.0.0.0 >> bindport=8088 >> tlsenable=yes >> tlsbindaddr=0.0.0.0:8089 >> tlscertfile=/etc/asterisk/keys/asterisk.pem >> ;tlsprivatekey=keys/asterisk.key >> >> # ls -lR /etc/asterisk/keys >> /etc/asterisk/keys: >> total 32 >> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt >> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr >> -rw-rw-r-- 1 asterisk asterisk 8...

...t; JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB> tlscipher=ALL > JBB> tlsclientmethod=tlsv1 > > You are missing the tls key. > > The config name is tlsprivatekey; set that to the filename of your tls > key, akin to how tlscertfile is set. > > -JimC Thank you. The settings in sip_general_additional.conf are now: tcpenable=yes tlsenable=yes tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.pem tlscafile=/etc/pki/tls/certs/ca-bundle.crt...

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since this is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten

...t /etc/asterisk/http.conf >>> [general] >>> servername=Asterisk >>> enabled=yes >>> bindaddr=0.0.0.0 >>> bindport=8088 >>> tlsenable=yes >>> tlsbindaddr=0.0.0.0:8089 >>> tlscertfile=/etc/asterisk/keys/asterisk.pem >>> ;tlsprivatekey=keys/asterisk.key >>> >>> # ls -lR /etc/asterisk/keys >>> /etc/asterisk/keys: >>> total 32 >>> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt >>> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr >>> -rw-r...

...========DEVICES [webrtc1](endpoint-basic) auth=webrtc1 aors=webrtc1 [webrtc1](auth-userpass) password=secret username=webrtc1 [webrtc1](aor-single-reg) relevant part of http.conf [general] enabled=yes bindaddr=0.0.0.0 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/pki/tls/certs/pbx.crt tlsprivatekey=/etc/pki/tls/private/pbx.key -- --------------------------------------- Marek Cervenka ======================================= -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150915/45021614/attach...

...> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is tlsprivatekey; set that to the filename of your tls key, akin to how tlscertfile is set. -JimC -- James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6

...17:53 0:06 > /usr/sbin/asterisk -g -f -p -U asterisk > > # cat /etc/asterisk/http.conf > [general] > servername=Asterisk > enabled=yes > bindaddr=0.0.0.0 > bindport=8088 > tlsenable=yes > tlsbindaddr=0.0.0.0:8089 > tlscertfile=/etc/asterisk/keys/asterisk.pem > ;tlsprivatekey=keys/asterisk.key > > # ls -lR /etc/asterisk/keys > /etc/asterisk/keys: > total 32 > -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt > -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr > -rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15:59 asterisk.k...

...06:50:10] WARNING[8037] tcptls.c: FILE * open failed! ************ config ********** my http.conf --------------------- tlsenable=yes tlsbindport=8089 tlsbindaddr=0.0.0.0 ;tlscertfile=/etc/asterisk/keys/asterisk.crt tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlsprivatekey=/etc/asterisk/keys/asterisk.key tlscipher=ALL tlsclientmethod=tlsv1 ;tlsverifyclient=no ;tlsdontverifyserver=yes -- Rgds astlov

...ALING ${CHANNEL(secure_signaling)} ) exten => 600,n,NOOp( SECURE media ${CHANNEL(secure_media)} ) exten => 600,n,Answer() exten => 600,n,Playback(demo-echotest) exten => 600,n,Echo() exten => _X.,1,Dial(SIP/CM8/${EXTEN:0},30,rt) [general] tlsenable=yes tlsbindaddr=172.16.200.60 ;tlsprivatekey=/usr/local/ssl/misc/asteriskkey.pem ;tlscertfile=/usr/local/ssl/misc/asteriskcert.pem tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL ;tlscafile=/usr/local/ssl/misc/demoCA/cacert.pem tlsclientmethod=tlsv1 [6001] type=friend secret=erasmus123 callerid=&...