Hi Everyone,

I am trying to configure gd_bundle for my asterisk server. But I am unable to configure it. When i am configuring my SSL certificate in asterisk, i am getting the below warning in SSL Checker -

Certificate Chain Complete?

A valid Root CA Certificate could not be located, the certificate will likely display browser warnings.

Http.conf file -

[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:443
tlscertfile=/etc/asterisk/keys/ssl_cert.pem
tlsprivatekey=/etc/asterisk/keys/private_key.key
tlscipher=XXXXX-XXXXXX-XXXXXXXXXX
tlsservercipherorder=yes
sessionlimit=300

Can you please help me on how to correctly configure the SSL and gd_bundle for Webrtc?

Version - Asterisk 16.13

This appears to be for the deprecated chan_sip, due for removal next year.

I’m not familiar with the term gd_bundle.

Where did you install the certificate corresponding to the key that you used to sign ssl_cert.pem?

You seem to be missing at least one of tlscafile and tlscadir, so Asterisk will not be able to verify certificates it receives from other parties.

Searching gd_bundle, tomcat - Discerning GoDaddy SSL Certificate Types - Server Fault suggests to me that you get three files which you need to, if necessary, convert to PEM format, then concatenate in the order subject, intermediate, root.

tlsca* will depend on what, if anything, is signing remote party certificates.

I expect the checker will need to know and trust Go Daddy’s root certificate, but then my web search suggests that is also from Go Daddy, so it presumably does.

Note.

1. You failed to mention Go Daddy, at all.

2. When posting configurations and logs, it is important to mark them up as preformatted text, otherwise they will be interpreted as forum mark up.