How can be sure that my TLS is working properly? Which files?which options?
My asterisk version is: 13.8.0
Actually i have compiled my asterisk with crypto with ssl and with srtp. But when i change ip phone’s transport option as a TLS so it could not register to asterisk. But when i change transport option to UDP so ip phone is registered.
If using chan_sip then TLS configuration has to be done in sip.conf. If using chan_pjsip then TLS configuration has to be done in pjsip.conf. Both files have samples which show the options for TLS. You also need to create suitable certificates. A tutorial for chan_sip is on the wiki[1].
[1] https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
Why certificate must be created for TLS?
Do we have to create certificate?
Do we have to create certificate for each of sip user agents?(create certificate for each clients and copy these certificates to each of the sip clients??)
If we don’t create certificate for clients but only create for asterisk so system works without any problem?
If we don’t create any certificate neither for asterisk nor sip clients so TLS stil works?
Yes you need the certificates for this process to work.
Did you read the WIKI article? It explains it.
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
“Setting up TLS between Asterisk and a SIP client involves creating key files, modifying Asterisk’s SIP configuration to enable TLS, creating a SIP peer that’s capable of TLS, and modifying the SIP client to connect to Asterisk over TLS.”
Yes . Your answer is only for one of my question. I have other questions too.
Asterisk has to have a certificate. Most phones also require a certificate, if they don’t then they will self-generate and since they are not issued by your certificate authority you have to disable checking.