ARI over TLS failed to work

this is my http.conf file:

;
; Asterisk Built-in mini-HTTP server
;
;
; Note about Asterisk documentation:
; If Asterisk was installed from a tarball, then the HTML documentation should
; be installed in the static-http/docs directory which is
; (/var/lib/asterisk/static-http/docs) on linux by default. If the Asterisk
; HTTP server is enabled in this file by setting the “enabled”, “bindaddr”,
; and “bindport” options, then you should be able to view the documentation
; remotely by browsing to:
; http://<server_ip>:/static/docs/index.html
;
[general]
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlsccertfile=/etc/asterisk/keys/asterisk.pem
tlsprivatekey=/etc/asterisk/keys/ca.pem

servername=Asterisk

enabled=yes

bindaddr=0.0.0.0

bindport=8088
when l sent GET to port 8088, it works fine, but when l sent GET to 8089, it just says connection refused. lt does not even get to certificate validation. What is going on?
url: “https://”+url+"/ari/asterisk/config/dynamic/res_pjsip/auth/" +somenumber

Hi .

When you test by GET to port 8089, make sure you use https:// ( ssl connection)
But if you still failed, then most probably, it means that asterisk did not accept your ssl certificate or private key. Check asterisk logs under /var/log/asterisk/

You can check if https service is running :

rasterisk -rx ‘http show status’

It should contain rows:

Server Enabled and Bound to 0.0.0.0:8088
HTTPS Server Enabled and Bound to 0.0.0.0:8089

If they exist, but you still can’t get https://:8089/ws, then check your firewall ( iptables -L -n )

1 Like

thanks for your help. l am new, and that really help. lt did have errors loading certificate, but l will make another post if l can’t get that to work. The tutorial on ARI should have these information on there besides “TLS is highly recommended”