Hello, I am a newbie with Asterisk, but I managed to install and build the server and all the other stuff to set up TLS with an RTP connection. So I followed this wiki page:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
I generated all the keys and made my sip.conf like so:
[code]
[general]
transport=tls
tlsenable=yes
tlsbindaddr=myserver_ip:5061
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsprivatekey=/etc/asterisk/keys/asterisk.key
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
tlsdontverifyserver=no
[friends_internal]
type=peer
host=dynamic
context=from-internal
disallow=all
dtmfmode=rfc2833
allow=g722
transport=tls
encryption=yes
[user1]
secret=pass1
type=peer
host=dynamic
context=from-internal
disallow=all
dtmfmode=rfc2833
allow=g722
transport=tls
encryption=yes
[user2]
secret=pass2
type=peer
host=dynamic
context=from-internal
disallow=all
dtmfmode=rfc2833
allow=g722
transport=tls
encryption=yes
[/code]
Then I set up the Blink SIP client for both users (user1 and user2 on different systems), and I set up user certificates in Blink (I'm using Windows). Then I wanted to make sure that TLS with my certificates actually works, so I removed them from Blink and just left empty TLS with RTP without any certs. And I was able to dial user2, even without certificates!! My question is, how do I force Asterisk to check the certificates and reject the users without them?
The Asterisk version is the latest (13).
I hope someone can help me.