Ast_tls_cert script: ca.crt and ca.key not created

tsame · August 21, 2019, 7:14pm

Hi all. I am running Asterisk 13.27.0 via the FreePBX distro. I am using the Secure Calling Tutorial from the Asterisk wiki for encrypting calls. I have encountered a problem running the ast_tls_cert script:

./ast_tls_cert -C pbx.mycompany.com -O "My Super Company" -d /etc/asterisk/keys

According to the tutorial, running the above script should create the ca.crt and ca.key files and that you will be prompted to enter a pass phrase. What actually happens is that I am not prompted for a pass phrase and the ca.crt and ca.key files are not created (there is a ca.key and ca.crt file dated Sep 17 2017 in /etc/asterisk/keys folder). What could be the reason that the ast_tls_cert script is not creating the ca.crt and ca.key file? I am using the ast_tls_cert script available from the Asterisk GitHub page.

marcin · August 21, 2019, 8:58pm

in linux like system generate cer file & private key file:

openssl genrsa -des3 -out smime.key 4096
openssl req -new -key smime.key -out smime.csr

send csr to anybody, who creates your SSL cert, dowload cert (ie: HitMe.pl )- it will be here:
smime.crt

smime.key and smime.crt and ca.boundles you should upload to server

You can join it into one file cert

openssl pkcs12 -export -inkey ./smime.key -in ./smime.crt -out ./smime.pfx

if something is wrong with smime.crt or smime.key - trancode it like :

openssl rsa -in ./smime.key -text -des3 > smime_2.key

system · September 20, 2019, 8:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.