Hi - I would like to confirm whether it is possible to connect to AMI from a 3rd party app using a TLS certificate only. That is, without using an AMI user/password for authentication.
Thanks!
AMI has no such support.
So currently, the purpose of the TLS option in AMI is just to encrypt the plain user/password credentials or commands in transit between the client and the Asterisk server - correct?
Yes, the connection itself is TLS encrypted.
Asterisk only uses SSL/TLS to authenticate itself to the client, not the other way.
You can use challenge/response authentication to avoid sending a password in the clear (this choice is independent of whether the connection is SSL/TLS-encrypted or not). Documentation for this seems to be missing from the Asterisk Wiki; I found a description here.
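The challenge/response login mentioned above, sketched as an added example that is not part of the original thread and not Asterisk's own code: the client sends `Action: Challenge` with `AuthType: MD5`, then logs in with a `Key` that is the hex MD5 of the challenge followed by the secret. The username, secret and challenge value are constructed, and `server_verify` is a hypothetical stand-in for the server-side check.

```python
import hashlib
import hmac

def build_action(fields):
    """Serialize an AMI message: 'Name: value' lines, CRLF, blank-line terminator."""
    return "".join(f"{k}: {v}\r\n" for k, v in fields) + "\r\n"

def parse_message(raw):
    """Parse one AMI message into a dict of header name -> value."""
    out = {}
    for line in raw.split("\r\n"):
        if ": " in line:
            name, value = line.split(": ", 1)
            out[name] = value
    return out

def md5_key(challenge, secret):
    """Key = lowercase hex MD5 over the challenge string followed by the secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()

def client_login(challenge_response, username, secret):
    """Build the Login action answering the server's Challenge response."""
    msg = parse_message(challenge_response)
    if msg.get("Response") != "Success" or "Challenge" not in msg:
        raise ValueError("server did not issue a challenge")
    return build_action([
        ("Action", "Login"),
        ("AuthType", "MD5"),
        ("Username", username),
        ("Key", md5_key(msg["Challenge"], secret)),
    ])

def server_verify(login_raw, issued_challenge, secret):
    """Hypothetical server-side check: recompute the key, compare in constant time."""
    msg = parse_message(login_raw)
    expected = md5_key(issued_challenge, secret)
    return hmac.compare_digest(msg.get("Key", "").encode(), expected.encode())

# Constructed sample values, not taken from any real system.
USERNAME, SECRET = "monitor", "example-secret"
CHALLENGE_REQUEST = build_action([("Action", "Challenge"), ("AuthType", "MD5")])
CHALLENGE_RESPONSE = "Response: Success\r\nChallenge: 840415273\r\n\r\n"
LOGIN = client_login(CHALLENGE_RESPONSE, USERNAME, SECRET)

if __name__ == "__main__":
    print(CHALLENGE_REQUEST + LOGIN)
    print("accepted:", server_verify(LOGIN, "840415273", SECRET))
```

The secret never appears in the Login action, and a captured `Key` only verifies against the challenge it answered, which is why the server must issue a fresh challenge per session.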
Thanks for your input. I am using a C# client to communicate with Asterisk. In my case, the problem with MD5 authentication is that Microsoft recommends using SHA256 or SHA512 instead of MD5 because of collision problems. I hope Asterisk provides an option for SHA256 as well sometime soon.
You could submit a feature request[1] if you wanted, but there is no guarantee or timeframe of such a thing being implemented.
Added a feature request for SHA256 auth type in AMI challenge action. For reference - Request for SHA256 authentication type in AMI Challenge Action · Issue #52 · asterisk/asterisk-feature-requests · GitHub