Asterisk websocket client fails to verify TLS certificate

regeringen · October 31, 2025, 2:09pm

We’ve defined a websocket_clients.conf connection to a target with a public and valid certificate. Connecting via curl from the server works fine, but asterisk fails with a certificate error.
ERROR[129035]: tcptls.c:203 handle_tcptls_connection: Certificate from peer '<redacted-ip-here>:443' did not verify: unable to get local issuer certificate
If i disable certificate checking (in websocket_clients.conf) it connects fine.

I’m not sure how to check why this fails specifically for asterisk. Anyone have any ideas how to troubleshoot this further?

gjoseph · October 31, 2025, 3:50pm

In your websocket_client.conf entry you need to set either ca_list_file or ca_list_path to point to a file or directory that contains the CA certificate chain that can be used to validate the server certificate.

The following should work…

For RedHat based distros…

ca_list_path = /etc/pki/tls/certs

For Debian based distros…

ca_list_path = /etc/ssl/certs

Topic		Replies	Views
Not able to connect Asterisk while trying with WSS connection Asterisk Support	5	7463	February 18, 2016
TLS verification setting Asterisk Support	0	231	May 13, 2008
Asterisk TLS not checking user certificates Asterisk Support	0	274	January 28, 2015
Howto Create a Certificate for SIP TLS asterisk.pem Asterisk Support	8	8292	December 13, 2008
Asterisk not presenting tls client cert during tls establishment Asterisk SIP	2	361	May 23, 2021

Asterisk websocket client fails to verify TLS certificate

Related topics