SIP TLS connects without any client certificate

Good day everyone

I am using Asterisk certified/13.21 and trying to configure TLS for SIP calls. I followed tutorial on official Asterisk Wiki (, generated all the files by running /contrib/scripts/ ast_tls_cert. But my softphone (I use PhonerLite) connects to server without any client certificate. I dont think this is how it suppose to work. But I see this label in my softphone saying that I use tls as transport, and I can make calls.

Here’s related lines from my sip.conf:



My actual peers inherit template-sip.

What am I might doing wrong here? Maybe anyone also had the same problem?

I think you would need to enable “tlsverifyclient” to enable the client certificate verification when they connect.

I dont even see “tlsverifyclient” in config sample for sip. I think this is only a pjsip thing, and unfortunately I can’t quickly migrate to pjsip. But I’ve tried your option anyway and got no result :frowning:

Why would a client need a certificate? It will always stay in the server. If public key is exchanged between the server and the client successfully, the communication will happen

I see all the setup is right here

I thought about that. But if so, why do we even need a client certificate?

It goes somewhat like this

  1. The client sends a request to identify the server
  2. The server sends a copy ssl certificate
  3. The client verifies if it trusts the certificate.
  4. The server sends digitally signed acknowledgement to start an encrypted session
  5. Encrypted session starts

Hence a client certificate/ key is required in the server

I think the option tlsdontverifyclient

If i try the tlsverifyclient
19:01:53] WARNING[10479]: chan_sip.c:32504 reload_config: Ignoring unsupported option ‘tlsverifyclient’