similar to: TLS on SIP trunk

Hi All, I have a sip trunk up and running with a CUCM Express, passing calls fine except for a comfort noise error I'm getting on Asterisk: NOTICE[7520]: rtp.c:788 in process_rfc3389: Comfort noise support incomplete in Asterisk (RFC 3389). Please turn off on client if possible. Client IP: x.x.x.x I know Asterisk does not support comfort noise. I have "no comfort noise" on all

On 7/5/19 9:32 PM, John Runyon wrote: > On Fri, 5 Jul 2019 at 14:28, hw <hw at gc-24.de <mailto:hw at gc-24.de>> wrote: > > I thought about that and checked the configuration I've been using to > create the certificate, and I can't see anywhere that it would expire > earlier than after 3650 days.  Is there another way to check this? > >

Hi All, I'm on a middle of an asterisk installation/configuration for my company and I'm testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server. On sip.conf file: tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 and on

On Tue, March 3, 2015 13:37, James Cloos wrote: >>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB>

On 7/6/19 10:40 AM, Michael Maier wrote: > On 05.07.19 at 22:02 hw wrote: >> >> openssl verify -CAfile ca.pem asterisk.pem >> asterisk.pem: OK >> >> >> When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers >> to the SIP provider and there is no error message).  Otherwise I'm >> getting the error message and asterisk does not

Hi, I followed the TLS/SRTP tutorial on the wiki [0] using Asterisk 11.8.1 on CentOS 6.5 x86_64 and CSipSimple on a Nexus with Android 4.4.x local wifi. The phone seems to register but directly after that things fall apart (turning SELinux off made no difference): *CLI> -- Registered SIP 'encrypted' at 10.0.0.137:58079 > Saved useragent

I'm in the process of testing a TLS/SRTP install. My experience is improving with each new challenge, but this one is a great test of my 2 month experience with Asterisk. When I dial 6003 from 6001, it takes 35 seconds until I get the error message that 6003 is circuit-busy. Any help would greatly be appreciated. Below is the error message and the extensions and sip.conf files. *CLI>

Hey there i'm trying to get an Asterisk 11.11 with encryption working with my Grandstream phones. But i stuck. To avoid NAT problems i'm using IPv6 Just with TCP/TLS it's working fine. Only the SRTP funktion is not working. Asterisk tells me WARNING[6938]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7fa10800f5a0 (len 681) to [2a02:1205::...]:37635 returned -2: Success and also SSL

If I have Asterisk setup with local SIP phones configured but need to call a SIP phone which is not local but actually on another VLAN, what would the dialplan need to look like? ? Could the Asterisk dialplan directly call a SIP phone which is not a local phone within its sip.conf and dialplan, if the Directory Number and IP is known (or host name)? ? Didn't plan on needing a SIP trunk so

Hi, I tried it the implementation of TLS in asterisk 1.8.4.3 on ubuntu 10.04. I follow the tutorial: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial. and I use blink as a softphone in ny client in windows. for regular communication process (without TLS) smoothly, but when it just follow the tutorial, it is always error on his softphone: transport error. my configuration like

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

Nobody has any clues about the tls cafile ? Regards Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?: > I have several samba servers on Debian 10 all using : > > samba 2:4.9.5+dfsg-5+deb10u1 amd64 > > I use tls cafile, tls certfile and tls keyfile with certificates from > Sectigo (https://cert-manager.com) > > And when checking my connexion from the

I'm trying to integrate my Asterisk box with my call manager 8 server. I can call from the call manager to a phone on asterisk, but I can't call from a phone on asterisk to call manager. Any help would be greatly appreciated. sip.conf [2000] type=friend secret= dtmfmode=rfc2833 host=dynamic canreinvite=no context=myphones allow=ulaw nat=yes [2001] type=friend secret= dtmfmode=rfc2833

If SIP channel driver needs to connect to a remote GW over a dedicated SIP trunk BUT the remote GW has a 'standby' in case of failure, how can the sip configuration file be configured for the remote GW when there are actually two IP addresses. If the main remote GW fails control automatically switches to the standby GW, so how could the SIP configuration file hande this switch and support

>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: JBB> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is

Hi, how can I create a self-signed certificate for asterisk which actually works? I had one that did work, and yesterday it suddenly quit working for no reason. I had to spend hours to create another one that would finally work, and it suddenly quit working today. The certificate verifies just fine with openssl verify -verbose -CAfile ca.crt asterisk.pem Yet asterisk keeps saying:

On Mon, Apr 21, 2014 at 04:51:00PM -0600, Nathaniel Cook wrote: > I have been trying to get set of libvirtd system up and running. My PKI > infrastructure involves a root CA and several intermediate CAs. I am trying > to get the machines to trust each other across the different intermediate > CAs. > > This is what I have so far: > > Libvirtd is starting and listening on

Hi all, We're testing TLS and SRTP on Asterisk 1.8.10.0 and have it working with a commerical (not self-sign) AlphaSSL wildcard (GlobalSign) using Blink Lite 1.6.2 as per https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial We've tested with Bria on an iPhone and that doesn't recognised the commercial CA (GlobalSign Root CA). On a Yealink 28P with V60/V61 is registers

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong

On 11.01.2018 13:20, Hauke Fath wrote: >/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =