SSL issues with built-in HTTP server

I’m trying to build an app with PHPARI, but I can’t connect to my Asterisk because I get a SSL issue:

[2022-11-28 11:36:44] ERROR[18952]: iostream.c:647 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[2022-11-28 11:36:44] ERROR[18952]: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer 'X.X.X.X:52889'
[2022-11-28 11:36:44] ERROR[18952]: iostream.c:552 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error

Here’s the configuration of my http.conf file:

tlsenable=yes          ; enable tls - default no.
tlsbindaddr=0.0.0.0:8089    ; address and port to bind to - default is bindaddr and port 8089.

tlscertfile=/etc/asterisk/keys/fqdn.crt
tlsprivatekey=/etc/asterisk/keys/fqdn.key

I’ve bought a SSL certificate on gandi.net

On my browser, the connection is valid with this URL : https://fqdn:8089/ari
At first I had the same error with Postman, but after specifying the intermediate CA certificate in Postman preferences, it works.
Now I don’t know how I have to setup Asterisk or my client to use this intermediate certificate.

Do you know how to solve it?

Thank you,
Julien

I believe you have to include it in the certfile, along with the leaf certificate.

Also, you should be able include it as a trusted intermediate on the client.

Thank you! I concatenated the certificates and now it works with postman (without adding intermediate certificate in preferences) and it works with simple PHP code.

But it does not work with PHPARI library. I have to make more tests to debug it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.