Asterisk 1.6.2.10
mkdir /etc/asterisk/certificates
cd /etc/asterisk/certificates/
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -out request.pem
openssl x509 -req -days 3650 -in request.pem -signkey key.pem -out certificate.pem
cp certificate.pem asterisk.pem
cat key.pem >> asterisk.pem
sip.conf
tlsenable=yes
tlsbindaddr=192.168.20.222
tlscertfile=/etc/asterisk/certificates/asterisk.something.com.pem
tlsdontverifyserver=no
tlscipher=DES-CBC3-SHA
tlsclientmethod=tlsv1
[2101]
type=friend
secret=2101
context=meetme
transport=tls
host=dynamic
rfc2833compensate=yes
disallow=all
allow=g729
nat=no
[2102]
type=friend
secret=2102
context=meetme
transport=tls
host=dynamic
rfc2833compensate=yes
disallow=all
allow=g729
nat=no
I use grandstream device,register sussceful.
e100tong*CLI> sip show peers
Name/username Host Dyn Nat ACL Port Status Realtime
2100/2100 192.168.20.113 D 5062 Unmonitored
2101/2101 192.168.20.116 D 5060 Unmonitored
2102/2102 192.168.20.116 D 5062 Unmonitored
But 2100 call 2101 display:
-- Executing [2102@meetme:1] Dial("SIP/2100-00000029", "SIP/2101") in new stack
== Using SIP RTP CoS mark 5
– Called 2101
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Jun 21 15:49:42] WARNING[8302]: tcptls.c:218 handle_tcptls_connection: FILE * open failed!
== Spawn extension (meetme, 2101, 1) exited non-zero on ‘SIP/2101-00000029’
I have put CERTIFICATE and RSA PRIVATE KEY to grandstream’s ssl option.
what problem? Thanks Thanks Thanks Thanks Thanks !