Asterisk SIP-TLS Issue

Hi There,

We have configured an Asterisk Server 16.21.1 on ubuntu 20.04 OS and configured certificate using lets encrypt. We are able to register BRIA extension to this server over TLS and calls working with SRTP.

However, when we try to create a SIP trunk with service provider or other vendors, we are getting below error on asterisk console and trunk doesn`t come up.

==========================================================
tcptls.c:203 handle_tcptls_connection: Certificate from peer ‘xx.xx.xxx.xx:zzzz’ did not verify: unable to get local issuer certificate

When we verify the SSL certificate for remote side using below command, it verifies ok.

openssl s_client -connect xxx.xxx.xxxx.xxx:zzzz
Verify return code: 0 (ok)

So, it appears that asterisk somehow not recognizes the certificate presented by remote side servers.

Has anyone experienced similar issue and how to go about troubleshooting the same?

Regards,
Sandip

Who was the issuer? Do you have a copy of the issuer’s certificate.

Thank you for your response. This is working after we changed to pjsip instead of sip.