We have asterisk application in one server(app.aakashtel.com) and client application in another server( aws.aakashtel.com ).When we want to connect websocket wss at port 7443 from server2 to server1 it show this error
[2022-08-01 14:54:22] ERROR: iostream.c:647 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[2022-08-01 14:54:22] ERROR: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer ‘126.96.36.199:51070’
But when we install client app within the server1 where asterisk app exist then socket connection working properly. what will be the reasons.
We are planning to make asterisk in one server and client app in next server.Any one please help us.
Hello @samipm, i’m a newbie here but maybe i can help you. You should check certificates. You have at least 2 certificates working there and i resolved a similar problem using a wildcard certificate for my app.
I have checked your certificate on port 7443 and it is self-signed and as Asterisk wiki shows (“If you’ve used self-signed certificates however, your browser may not allow the connection and because the attempt is not from a normal URI supplied by the user, the user might not even be notified that there’s an issue”) .
It isn’t actually self signed, but it is signed by an enterprise CA. Any browser accessing it will need to have the certificate for:
Asterisk Private CA
installed as a trusted (root) CA, either manually, or as part of some sort of group policies mechanism.
Enterprise CAs can be good for security, if only used within the enterprise, but are not suitable if you can be accessed from arbitrary browsers. If you do have an enterprise CA, it is probably better to have it for all internal TLS use, not just for telephony.
(Obviously the certificate needs to be the actual one used for signing, not just one with the same distinguished name.)