Hi all!
I set asterisk so that calls can be answered from a webpage via jssip(sip/Webrtc)
was able to successfully register on the webpage and when calling from the softphone I receive notifications on my webpage and the call ends immediately with a message in the console. Call ended {reason: terminated}
and in the console asterisk is the following message:
ERROR[31454][C-00000005]: res_rtp_asterisk.c:3165 __rtp_recvfrom: DTLS failure occurred on RTP instance ‘0x562193122c30’ due to reason ‘certificate verify failed’, terminating
/var/log/asterisk/messages:
tcptls.c: TLS/SSL error loading cert file. <asterisk.pem>
[Sep 21 15:33:22] ERROR[55721] tcptls.c: 0048E47EDB7F0000:error:80000002:system library:file_ctrl:No such file or directory:…/crypto/bio/bss_file.c:297:calling fopen(asterisk.pem, r)
0048E47EDB7F0000:error:10080002:BIO routines:file_ctrl:system lib:…/crypto/bio/bss_file.c:300:
0048E47EDB7F0000:error:0A080002:SSL routines:use_certificate_chain_file:system lib:…/ssl/ssl_rsa.c:448
my sip.conf
[general]
udpbindaddr=0.0.0.0:5060
tlsenable=yes
tlsbindaddr=0.0.0.0:5061
websocket_enabled = true
websocket_write_timeout = 500
transport=udp,tls,ws,wss
[1001]
type=friend
host=dynamic
secret=1234
context=ext_1001
srvlookup=no
encryption=yes
avpf=yes
icesupport=yes
directmedia=no
transport=udp,tls,ws,wss ;
force_avp=yes ;
dtlsenable=yes ;
dtlsverify=yes ;
dtlscertfile=/etc/asterisk/cert/asterisk.pem
dtlssetup=actpass
srtpcapable=yes
allow=all
allow=ulaw
allow=gsm
rtcp_mux=yes
[1002]
type=friend
host=dynamic
secret=1234
context=default
my http.con
[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/asterisk/cert/asterisk.pem
generated the certificate using the command:
contrib/scripts/ast_tls_cert -C pbx1.mycompany.local -O “My Company” -d /etc/asterisk/keys
Asterisk has configured all user rights for accessing certificates
sudo -u asterisk cat /etc/asterisk/cert/asterisk.pem will successfully print the contents of the certificate
also tried this command
sudo openssl verify /etc/asterisk/keys/asterisk.pem
CN = pbx1.my.local, O = My Company
what do I get as a result?
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/asterisk/keys/asterisk.pem: verification failed
OS Ubuntu 22.4
asterisk 18
Please explain to me what I was wrong about, I assumed that the certificate was generated incorrectly, but how can I generate it differently so that the error disappears?
Please share!
Thank you!