[SOLVED] Error when I try to enable the TLS transport in PJSIP Asterisk

Asterisk Asterisk SIP
1

Error when I try to enable the TLS transport in PJSIP Asterisk, bellow the log and the settings used:

[Jan 18 11:00:26] ERROR[20572]: res_pjsip/config_transport.c:701 transport_tls_file_handler: Transport: tls-transport: cert_file /etc/asterisk/keys/asterisk.crt is either missing or not readable
[Jan 18 11:00:26] ERROR[20572]: config_options.c:796 aco_process_var: Error parsing cert_file=/etc/asterisk/keys/asterisk.crt at line 25 of
[Jan 18 11:00:26] ERROR[20572]: res_sorcery_config.c:338 sorcery_config_internal_load: Could not create an object of type ‘transport’ with id ‘tls-transport’ from configuration file ‘pjsip.conf’

[tls-transport]
type=transport
protocol=tls
bind=0.0.0.0
external_media_address=x.x.x.x
external_signaling_address=x.x.x.x
local_net=192.0.2.0/24
local_net=127.0.0.1/32
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1

I create the certificate using this guide:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
PART 1

adding: my global settings:
[global]
type=global
keep_alive_interval=30
disable_multi_domain=yes

2

This issue was solved after change the permission of certificate file to 755 and change the owner from root to asterisk.

3

You should change the mode to 400 or at least 444. There is no legitimate reason for execute permission and the only time you should ever want to write to it is manually, so you can relax the permission just for that.

1 Like