This problem can occur when you configure Asterisk following the tutorial in Asterisk: The Definitive Guide, 5th Edition, at the step where you add the TLS transport to pjsip.conf:
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0
cert_file=/home/asterisk/certs/self-signed.crt
priv_key_file=/home/asterisk/certs/self-signed.key
Next, when you execute this command in the Asterisk CLI:
module reload res_pjsip.so
The following errors may occur:
[May 28 13:24:07] ERROR[3110]: res_pjsip/config_transport.c:1032 transport_tls_file_handler: Transport: transport-tls: cert_file /home/asterisk/certs/self-signed.crt is either missing or not readable
[May 28 13:24:07] ERROR[3110]: config_options.c:798 aco_process_var: Error parsing cert_file=/home/asterisk/certs/self-signed.crt at line 12 of
[May 28 13:24:07] ERROR[3110]: res_sorcery_config.c:422 sorcery_config_internal_load: Could not create an object of type ‘transport’ with id ‘transport-tls’ from configuration file ‘pjsip.conf’
That is, for some reason the folder with the self-signed certificate for Asterisk was unavailable or the certificate files were unreadable.
If you did everything according to the tutorial, then a little earlier you enabled SELinux, and the usual file permissions and ownership should already be in order.
Also, according to the tutorial, we create the certificate files in the folder /home/asterisk/certs/. Maybe you chose a different folder, but I will show the solution for this one.
So we check the SELinux context for the certificate files:
sudo ls -lZ /home/asterisk/certs
Output:
-rwxr-xr-x. root root unconfined_u:object_r:user_home_t:s0 self-signed.crt
-rwxr-xr-x. root root unconfined_u:object_r:user_home_t:s0 self-signed.key
The context is user_home_t, but it should be asterisk_etc_t. My /asterisk folder in the /home directory had the wrong context user_home_t.
Solution
Switch SELinux to permissive:
sudo setenforce 0
Change the context of the /home/asterisk/ directory and all its contents to asterisk_etc_t:
sudo semanage fcontext -a -t asterisk_etc_t "/home/asterisk(/.*)?"
sudo restorecon -Rv /home/asterisk
Enable enforcing:
sudo setenforce 1
Restart Asterisk:
sudo systemctl restart asterisk
Reload the module in the Asterisk CLI:
module reload res_pjsip.so
Check the transport:
pjsip show transports
I created this topic because I found several similar unanswered questions that are already closed. I think these users encountered this exact problem.
For example, these topics:
I hope this topic can help those who are learning Asterisk from an Asterisk book and have encountered this problem.
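The context check from the post, written as a reusable function that reads `ls -lZ` output and reports every file whose SELinux type is not the expected one; it also flags a .key file readable by "other", as in the listing above. This is an added example, not part of the original post: the function name `check_contexts`, the report labels and the AFTER listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use: sudo ls -lZ /home/asterisk/certs | check_contexts asterisk_etc_t

# check_contexts EXPECTED_TYPE: reads `ls -lZ` output on stdin, prints one
# line per problem, returns 1 if any problem was found.
check_contexts() {
    awk -v want="$1" '
    NF < 3 || $1 == "total" { next }      # skip header and blank lines
    {
        ctx = ""
        # The context is the field shaped user:role:type:level. Its column
        # differs between coreutils versions, so search for it.
        for (i = 2; i < NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:[^:]+/) { ctx = $i; break }
        name = $NF                        # assumes no spaces in file names
        if (ctx == "") { print "NOCONTEXT " name; bad = 1; next }
        split(ctx, part, ":")
        if (part[3] != want) { print "WRONGTYPE " name " " part[3]; bad = 1 }
        # A private key readable by "other" is exposed to every local user.
        if (name ~ /\.key$/ && substr($1, 8, 1) == "r") {
            print "KEYWORLDREADABLE " name; bad = 1
        }
    }
    END { exit bad + 0 }'
}

# The listing shown in the post, before the fix.
BEFORE='-rwxr-xr-x. root root unconfined_u:object_r:user_home_t:s0 self-signed.crt
-rwxr-xr-x. root root unconfined_u:object_r:user_home_t:s0 self-signed.key'

# Constructed sample of a good state in the newer ls column layout
# (owner, sizes and dates are made up for illustration).
AFTER='-rw-r--r--. 1 asterisk asterisk unconfined_u:object_r:asterisk_etc_t:s0 1234 May 28 13:30 self-signed.crt
-rw-------. 1 asterisk asterisk unconfined_u:object_r:asterisk_etc_t:s0 1704 May 28 13:30 self-signed.key'

echo "before:"
printf '%s\n' "$BEFORE" | check_contexts asterisk_etc_t || true
echo "after:"
if printf '%s\n' "$AFTER" | check_contexts asterisk_etc_t; then echo "ok"; fi
```

Running the function again after `restorecon` confirms the relabel took effect before you switch SELinux back to enforcing.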