Asterisk As TLS Server As Well As TLS Client

Hi,

I have to connect 3 Asterisk servers, each of them being a TLS server for its clients and connected both ways in TLS with both other Asterisk servers, each having its own Common Name. Is this possible?

I set up 2 Asterisks, one server and the other client; this is OK. But I can’t deal with certificates generated on both servers.

I tried to put tlscertfile and tlscafile in the peer definition, each pointing to the certificate generated by the server, but that’s not working.

Thanks for any hint.


Daniel

6 thoughts on - Asterisk As TLS Server As Well As TLS Client

  • Asterisk doesn’t seem to implement mutual TLS authentication, see the comments in this thread:

    http://java.net/projects/jitsi/lists/users/archive/2012-08/message/37

    People who want strong TLS typically use a SIP proxy as a front-end to Asterisk; either repro or Kamailio stand out as leaders in TLS support.

    http://www.opentelecoms.org/use-a-sip-proxy-instead-of-asterisk

    At the bottom, there are links to some practical guides on how to use either repro or Kamailio with Asterisk.

  • This is all “nice and good” but the documentation all assumes that you are on a Debian box and use MySQL. What about us SUSE/PostgreSQL folks?

  • They are both good questions, and there are partial answers:

    SUSE:
    reSIProcate can be built from source on a large number of platforms. I recently converted the upstream project to autotools; this should make it straightforward to build (and even package it) for SUSE. There has been some mention of RPM packaging on the resiprocate dev email list. I’m even working on it for OpenCSW at the moment.

    PostgreSQL:
    This is a bigger challenge.
    – Scott recently added the MySQL support for the 1.8 release; before that there was no working DB support, just BDB files.
    – It should probably be generalised for unixODBC or something like that; I actually used that approach in dynalogin. However, it will probably need someone to volunteer or present a commercial opportunity to enhance it like that.

    As for the guides: to make it easy, they talk about what exists today. Once the RPM packages appear in Fedora or SUSE, I will definitely update the guides; there is no hidden agenda to force people onto Debian.

  • On 20/08/2012 17:02, Daniel Pocock wrote:

    Thanks for that information.

    Regards


    Daniel