TLS

Hi, I tried the implementation of TLS in Asterisk 1.8.4.3 on Ubuntu
10.04. I followed the tutorial:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial and I
use Blink as a softphone on my client in Windows. Regular communication (without TLS) works smoothly, but when I just follow the tutorial, there is always an error on the softphone: transport error.

My configuration is like this:

certificate for the server:
./ast_tls_cert -C 10.4.71.27 -O "My Super Company" -d /etc/asterisk/keys

certificate for Client 1:
./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 10.4.71.24 -O "My Super Company" -d /etc/asterisk/keys -o 1001

certificate for Client 2:
./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 10.4.71.23 -O "My Super Company" -d /etc/asterisk/keys -o 1002

sip.conf:

[general]
context = default
udpbindaddr = 0.0.0.0
tcpenable = no
tcpbindaddr = 0.0.0.0
allowguest = no
allow = ulaw
allow = alaw
allow = gsm
allow = g722

tlsenable = yes
tlsbindaddr = 0.0.0.0
tlscertfile = /etc/asterisk/keys/asterisk.pem
tlscafile = /etc/asterisk/keys/ca.crt
tlscipher = ALL
tlsclientmethod = TLSv1

[1001]
context = default
type = friend
username = 1001
secret = 1000
dtmfmode = rfc2833
callerid = 1001
host = dynamic
transport = tls

[1002]
context = default
type = friend
username = 1002
secret = 1002
dtmfmode = rfc2833
host = dynamic
transport = tls


extensions.conf:

[general]
static = yes
WriteProtect = no

[default]
exten => 1001,1,Dial(SIP/1001,30,tr)
exten => 1001,2,Hangup
exten => 1002,1,Dial(SIP/1002,30,tr)
exten => 1002,2,Hangup


Does anyone know where my mistake is?
Thanks.

2 Responses to “TLS”

  1. Administrator TOOTAI said:

    Feb 07, 13 at 7:39 am

    Le 06/02/2013 23:15, kepin sinatra a

  2. kepin sinatra said:

    Feb 07, 13 at 12:31 pm

    When I run sip reload, nothing about “SSL certificate ok” appears. I installed Asterisk with:
    ./configure --enable-xmldoc
    make menuselect
    make && make install
    make samples
    make config

    OK, maybe I will try using tshark later… Yes, I’m sure Blink is configured for TLS, and I’ve installed the certificate on the client with trusted root certification.

    Any ideas?
    Thanks for your attention…