Hello guys , I am working on asterisk webrtc on asterisk 13.25 using sipml5 phone. Everything is working properly like inbound and outbound call but to login any extensions , i have to manually allow the ssl exception using URL https://XXX.XXX.X.XXX:8089/httpstatus on the browser.
But i don’t want to allow exception manually .So i need help to understand this issues and how to resolve it? Thanks.
Self-signed certificates are almost completely useless now days. None of the major browsers will allow self-signed certificates without explicit permission request, and major warnings (see Firefox for that).
You have some options. You can make a self-signed CA, while that sounds like the same thing it is NOT. Watch this video: https://youtu.be/DTlx3Lhdq40 that explains all this. Basically it means that you need to deploy the self-signed CA on all the computers that will be using this.
Clearly this isn’t a public/production solution, so in that case there are some options:
Self Hosted
Let’s say your WebRTC solution is a public service, then you will want say Apache to host a reverse proxy on a secure port, and reverse proxy the traffic to your web socket connection of Asterisk. Doing this makes the apache service the front line, and also allows you to use Lets Encrypt with the certbot service to obtain and maintain an SSL for you. (Assuming you have a public IP or domain under your control)
Hosted SAAS
Let’s say you are using AWS or something like that, then just spin up an Application Load Balancer. Doing this exposes a live SSL port with Amazon Signed certificate as your perimeter, that forwards web socket connections to Asterisk. The nice thing about this solution is that as the name says, it’s also a load balancer, so scaling out is no problem.
(I don’t have a video for these solutions, but get a lot of requests about this, so will probably do something)
Whilst this doesn’t sound like an Asterisk problem, but rather a simple SSL one, my understanding of Asterisk and WebRTC is that it is almost essential to use the latest version of everything, as WebRTC is a moving target.
Asterisk 13 is no longer supported, and Asterisk 13.25 is about 12 sub-versions out of date, even within Asterisk 13.
This video also covers the SSL creation and how to use it:
Thanks a lot ,finally i did it using self signed certificate.Your video is very helpful for me.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.