Good day everyone
I am using Asterisk certified/13.21 and trying to configure TLS for SIP calls. I followed the tutorial on the official Asterisk Wiki (https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial) and generated all the files by running /contrib/scripts/ast_tls_cert. But my softphone (I use PhonerLite) connects to the server without any client certificate. I don't think this is how it is supposed to work. But I see a label in my softphone saying that I use TLS as transport, and I can make calls.
Here are the related lines from my sip.conf:
My actual peers inherit template-sip.
What might I be doing wrong here? Maybe someone else has had the same problem?
I think you would need to enable “tlsverifyclient” to enable the client certificate verification when they connect.
I don't even see “tlsverifyclient” in the config sample for sip. I think this is only a pjsip thing, and unfortunately I can’t quickly migrate to pjsip. But I’ve tried your option anyway and got no result.
Why would a client need a certificate? It will always stay in the server. If the public key is exchanged between the server and the client successfully, the communication will happen.
I see all the setup is right here
I thought about that. But if so, why do we even need a client certificate?
It goes somewhat like this
- The client sends a request to identify the server
- The server sends a copy of its SSL certificate
- The client verifies if it trusts the certificate.
- The server sends a digitally signed acknowledgement to start an encrypted session
- Encrypted session starts
Hence a client certificate/key is required in the server
I think the option tlsdontverifyclient
If I try the tlsverifyclient
19:01:53] WARNING: chan_sip.c:32504 reload_config: Ignoring unsupported option ‘tlsverifyclient’
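Added example, not part of any post in this thread: a small audit of a chan_sip sip.conf that flags the tlsverifyclient option, which the warning above shows chan_sip ignoring, and any peer whose effective transport (after template inheritance) still allows non-TLS signalling. The sample config is constructed because the thread does not show the poster's file; treating every non-template section as a peer and letting later values override inherited ones are simplifying assumptions.

```python
import re

# Constructed sample; the thread does not show the poster's actual sip.conf.
SAMPLE_SIP_CONF = """\
[general]
tlsenable=yes
tlsverifyclient=yes
[template-sip](!)
transport=tls
[1001](template-sip)
[1002](template-sip)
transport=udp,tls
"""
SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?")

def parse(text):
    """Return {section: (is_template, options)}, template options inherited."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = SECTION.match(line)
        if m:
            flags = [f.strip() for f in (m.group(2) or "").split(",")]
            opts = {}
            for parent in flags:  # "!" marks a template, other names are parents
                opts.update(sections.get(parent, (False, {}))[1])
            current = m.group(1)
            sections[current] = ("!" in flags, opts)
        elif current and "=" in line:
            key, value = line.split("=", 1)  # also accepts "key => value"
            sections[current][1][key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit(text):
    """List TLS findings; every non-template section is assumed to be a peer."""
    sections = parse(text)
    general = sections.get("general", (False, {}))[1]
    findings = []
    if general.get("tlsenable", "no").lower() != "yes":
        findings.append("general: tlsenable is not yes")
    if "tlsverifyclient" in general:  # chan_sip logs it as unsupported
        findings.append("general: tlsverifyclient is ignored by chan_sip")
    default = general.get("transport", "udp")  # chan_sip defaults to UDP
    for name, (is_template, opts) in sections.items():
        transports = [t.strip() for t in opts.get("transport", default).split(",")]
        if name != "general" and not is_template and transports != ["tls"]:
            findings.append(f"{name}: accepts transport {','.join(transports)}")
    return findings

print("\n".join(audit(SAMPLE_SIP_CONF)))
```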