Hi,
I have been using the same process to configure TLS on AMI since Asterisk 11, now on Asterisk 20 I am getting this error when I try to connect through port 5039:
For what it’s worth, I did a diff of the ast_tls_cert script between two different versions of the Debian package for Asterisk (one for Asterisk 16.x, the other for Asterisk 20), and this is all I found:
ldo@theon:asterisk-debian> diff -u asterisk-*/contrib/scripts/ast_tls_cert
--- asterisk-16.15.0~dfsg/contrib/scripts/ast_tls_cert 2020-11-20 01:34:40.000000000 +1300
+++ asterisk-20.0.0~dfsg+~cs6.12.40431414/contrib/scripts/ast_tls_cert 2022-10-20 03:31:39.000000000 +1300
@@ -49,7 +49,7 @@
create_cert () {
local base=${OUTPUT_DIR}/${OUTPUT_BASE}
echo "Creating certificate ${base}.key"
- openssl genrsa -out ${base}.key ${KEYBITS:-1024} > /dev/null
+ openssl genrsa -out ${base}.key ${KEYBITS:-2048} > /dev/null
if [ $? -ne 0 ];
then
echo "Failed"
@@ -87,7 +87,7 @@
-f Config filename (openssl config file format)
-c CA cert filename (creates new CA cert/key as ca.crt/ca.key if not passed)
-k CA key filename
- -b The desired size of the private key in bits. Default is 1024.
+ -b The desired size of the private key in bits. Default is 2048.
-C Common name (cert field)
This should be the fully qualified domain name or IP address for
the client or server. Make sure your certs have unique common