Asterisk 1.8 TLS problem

hemanshurpatel · May 11, 2011, 5:32am

I am using Asterisk 1.8.3.3
I have configured TLS with SRTP.
SRTP is working fine.

When i Tried to register phone with TLS support it gives me following error message

Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I have created Self Signed Certificate and root CA.
I have installed Rootca certificate to client’s phone as well.

I have followed voip-info.org/wiki/view/SIP+TLS for configuration.

Can anyone help me in TLS functionality, What am i missing?

Hemanshu

malcolmd · May 11, 2011, 1:16pm

Here’s a howto for TLS using Blink:

wiki.asterisk.org/wiki/display/ … g+Tutorial

Cheers.

hemanshurpatel · May 11, 2011, 1:30pm

Thanks a lot.
I will try with this link tomorrow and will keep posted.

hemanshurpatel · May 12, 2011, 7:02am

Hmm yeah it worked.
Thank a lot.

Now i am having a new problem.
As per code Peer to peer calling wont work with SRTP.
I need to make it work so that there is not much load on server even with SRTP.

Do anyone know anything about making it Peer to Peer.
i have checked all conventional ways which were working with version 1.4 or lower, but ther aint working.
canreinvite=yes
directmedia=1
have tried all but all in wein.

Can anyone suggest the solution?

david55 · May 12, 2011, 7:44am

I rather suspect that Asterisk does not support end to end key negotiation. From what I gather, even getting SRTP to work in strict back to back user agent mode was not easy.

I could be wrong.

hemanshurpatel · May 12, 2011, 9:11am

Thanks david
But in old version 1.4.X i had made it work
But the code and architecture has changed a lot in 1.8 and i had just taken 1.8 yesterday.
may be in few days of code studying i will do it again.

david55 · May 12, 2011, 10:34am

I don’t believe 1.4 supports SRTP at all!

hemanshurpatel · May 12, 2011, 10:38am

no it dont by default
but there are patches available which i applied and it was/is working fine on that version.

system · June 21, 2011, 12:44pm

Hemanshu, Did you get SRTP peer to peer working? I am facing the same issue.

hemanshurpatel · June 21, 2011, 1:01pm

yups its working
i have made it work for 1.4.X and so for 1.8.3.3

system · June 22, 2011, 5:25am

Thats great! Can you please let me know the steps?

system · June 23, 2011, 7:04am

Can you update the steps Hemanshu?

insanlaksana · February 5, 2013, 8:12pm

i’m trying to set up TLS in asterisk 1.8.4.3 and ubuntu 10.04. and blink as client in windows.
I’ve followed the tutorial : wiki.asterisk.org/wiki/display/ … g+Tutorial.
but when i’m trying to call, always error: TRANSPORT ERROR in blink.

any ideas?
thanks.