WebRTC - Unable to register browser client to asterisk server

I am unable to connect the web browser client to the Asterisk WebRTC server. I am getting some SSL-related errors. But I am able to connect individual applications like the JSSIP sample mobile applications created for Android and iOS.

Asterisk version: 13.38.2
web client URL: https://tryit.jssip.net/

Received error message:

[Apr 27 04:19:10] ERROR[267507]: tcptls.c:753 handle_tcptls_connection: Problem setting up ssl connection with peer '[CLIENT_PUBLIC_IP]:13537': error:00000001:lib(0):func(0):reason(1), Internal SSL error
[Apr 27 04:19:10] WARNING[267507]: tcptls.c:845 handle_tcptls_connection: FILE * open failed from peer '[CLIENT_PUBLIC_IP]'!

I have an Asterisk server in the cloud which has a public IP address and a domain name and is loaded with Let’s Encrypt certificates. I am able to register the JSSIP sample mobile application to the server and am able to make test calls. When I try to register the JSSIP browser client to the server, I see the errors given above in the Asterisk console.

I researched this in the forums, and a few tickets were saying that this error might occur when using self-signed certificates and can be resolved by accepting the certificates in the client browser. But I am not clear about this process and am also not sure this will work for Let’s Encrypt certificates.

rtp.conf file from Asterisk:

[general]
rtpstart=10000
rtpend=20000
icesupport=yes

[ice_host_candidates]
local_IP => public_IP

Please let me know if any more details are needed.
Thanks in advance!

The browser should already have the self-signed certificates used by Let’s Encrypt (there is generally a self-signed certificate in every real-world TLS setup, but mostly they are the ones pre-installed in the OS or browser). What people are saying about self-signed certificates only applies when the browser doesn’t have prior knowledge.

Why have you provided rtp.conf when that is not the file that provides the TLS settings?

If you are concerned about security, you should not be using a past end of life version of Asterisk.

If you are using WebRTC, you should not be using anything but one of the leading edge sub-versions of Asterisk.

Thanks for the quick reply @david551.

I forgot to add one more point here. I was trying to connect to an Asterisk server which is running in the AWS US East (Ohio) region. Now I have created a new AWS instance in the Asia Pacific (Mumbai) region with the same Asterisk version and configurations. I am able to connect my browser client successfully and I don’t see any SSL certificate related errors anymore. Is this something related to the region?

You supply all the certificates for the server, so where it is installed should not affect certificate validity.

(I could imagine problems with browsers in different regions, but that doesn’t seem relevant here. For example, I doubt if any properly maintained browser in the US will now accept a Russian signed certificate - although strangely it seems they may not have had a public CA before March, so it is more a case that it is possible theirs will get added in some countries, rather than removed in the US).

Alright. Actually, I had a WebRTC call inconsistency issue in Asterisk-13 with chan_sip. I tried various approaches and fixes. In the end, I resolved the call inconsistency issue by going to Asterisk-16.25.3 with chan_pjsip, and there are no inconsistency issues anymore.

I am still not able to connect to the US server from my browser. As of now I don’t need it, so I am leaving it as it is.

Thank you so much for your response @david551.