TLS and SRTP issue

Hello,

I have asterisk-1.8.3.2 installed on my Fedora 13 system. I have configured TLS and SRTP on my system.
I have self-signed certificate files. I have followed the links below:

voip-info.org/wiki/view/SIP+TLS
voip-info.org/wiki/view/Asterisk+SRTP

I'm trying to register the X-Lite 5.0 softphone, but it's not getting registered with “transport=tls”.

sip.conf

Can you please tell me what I'm missing here?

The softphone gets registered, but I'm getting the following error:

Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Sign the phone’s certificate using a certifying authority known to your OpenSSL implementation, or add the signing certificate used by the phone to the Asterisk SSL configuration.

Asterisk is unable to verify the authenticity of the phone because there is no chain of trust between it and anything that Asterisk is configured to trust.

Thank you for your reply.

I'm using the Blink softphone. Will you please guide me on how to sign the phone’s certificate for my OpenSSL implementation,
or how to add the signing certificate used by the phone to the Asterisk SSL configuration?

-Thanks

gagravarr.org/writing/openssl-ce … ed-openssl

Thank you for your reply.

I have the self-signed certificate.
When I try to verify it, I'm getting the following:

[quote]
openssl verify -CApath /etc/pki/tls/certs /etc/asterisk/certificates/my_ca.pem

/etc/asterisk/certificates/my_ca.pem: C = IN, ST = Guj, L = City, O = company, OU = section, CN = my_ca
error 18 at 0 depth lookup:self signed certificate
OK[/quote]

Will you please guide me on this?

I have followed the link below:
wiki.asterisk.org/wiki/display/ … g+Tutorial

I have registered the Blink phone and I can make calls. It's working fine, but I'm still getting the following on my CLI:

Any help pls.

Any help in this issue pls.

Hello,

I have changed the Asterisk version to 1.8.15.0, but I still have the same issue.

Any guidance pls.

My calls are working properly with TLS and SRTP. But on the CLI, I'm still getting the following:

[quote] == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Aug 23 10:09:17] WARNING[15842]: tcptls.c:239 handle_tcptls_connection: FILE * open failed!
[/quote]

Any Suggestions please.

I presume you have somehow turned off authentication of the peer, but it is still trying to authenticate, and then ignoring the resulting security problem.

Thank you very much for your reply.

I have followed https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
Below is my whole configuration:

sip.conf

files in /etc/asterisk/keys :

Will you please guide me on what is missing here?

I presume that tlsdontverifyserver is causing it to ignore the fact that you haven’t installed the root certificate properly, but it is doing so only after trying to fetch it. If you think you are safe from man in the middle attacks, I wouldn’t worry further. Otherwise read the URL I gave you before more carefully, particularly the bit about using the hash as the file name.
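
Added example, not part of the thread or of the Asterisk project: a shell sketch of the "hash as the file name" step, installing a CA certificate into an OpenSSL `-CApath` directory under its subject-hash name and checking that it verifies. The function names, the temporary directory and the throwaway CA are assumptions constructed for the illustration; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# OpenSSL finds a CA in a -CApath directory only under the file name
# <subject-hash>.<n>; a PEM copied in under any other name is never consulted.
# All function names below are hypothetical helpers for this example.

# Print the link name OpenSSL expects for CERT in DIR (first free .n slot).
capath_link_name() {
    hash=$(openssl x509 -noout -hash -in "$1") || return 1
    n=0
    while [ -e "$2/$hash.$n" ]; do
        # Slot already holds this exact certificate: reuse it.
        if cmp -s "$1" "$2/$hash.$n"; then break; fi
        n=$((n + 1))   # different CA with a colliding hash: try the next slot
    done
    printf '%s.%s\n' "$hash" "$n"
}

# Copy CERT into DIR and point the hash-named symlink at it; print the link name.
install_ca() {
    name=$(capath_link_name "$1" "$2") || return 1
    base=$(basename "$1")
    cp "$1" "$2/$base" && ln -sf "$base" "$2/$name" || return 1
    printf '%s\n' "$name"
}

# Succeed only if CERT verifies against DIR. The thread's output shows an old
# OpenSSL printing "error 18" and then "OK", so output is checked as well as status.
verifies() {
    out=$(openssl verify -CApath "$2" "$1" 2>&1) || return 1
    case $out in *"error "*) return 1 ;; esac
}

# Generate a throwaway self-signed CA (constructed sample data) in DIR.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=constructed_ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/capath" && make_demo_ca "$tmp" || return 1
    verifies "$tmp/ca.pem" "$tmp/capath" && echo "before: trusted" || echo "before: not trusted"
    echo "installed as $(install_ca "$tmp/ca.pem" "$tmp/capath")"
    verifies "$tmp/ca.pem" "$tmp/capath" && echo "after: trusted" || echo "after: not trusted"
    rm -rf "$tmp"
}
demo
```

On a real system the directory argument would be the CA path the verifying side is configured to use, and the certificate would be the CA that signed the peer's certificate.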