In this article:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
It perfectly describes how to enable TLS with an SSL certificate - although it describes “My Super Company” as the certificate organization and makes a self signed certificate - it easy enough to apply this to a real Certificate Authority and have an actual secure calling environment - my question is… is it possible to have Asterisk reject connections if they don’t come in presenting the generated “client certificate” (as described)
In my phone (Yealink), I can install certificates and it can accept (only legitimate) certificates - I have managed to make my phone reject the self signed certificate presented by asterisk (and when i changed it a real CA, it accepted it).
But now I want Asterisk to do the same… I would like asterisk to reject any certificate except the one I export and install into the phone… essentially making it secure from both sides, and only phones that have the actual client certificate can connect to the box… possible?