TLS setup general / newby questions

Hello group

This is my first attempt at setting up TLS (only, no RTP yet) on Asterisk and have a couple questions for you;

   asterisk.crt  asterisk.csr  asterisk.key  asterisk.pem  ca.cfg  ca.crt  ca.key  tmp.cfg


  1. what is the difference between the asterisk.* and ca.* files?

Thank you !

This is not an asterisk question, but a certificate question… Could just google it…

But CA is an abreviation for certificate authority.

Here one of the websites that explain how certificates work:

Although people talk about Asterisk servers, for SIP Asterisk has to be both sever and client. I’m not entirely sure, but I think there are cases where it has to be client for SSL.

More generally, what sort of attack do you want to protect against? In particular, if you want to protect against a bogus telephone extension instrument, you need to authenticate that instrument.