TLS

Question
Hi, I tried the implementation of TLS in Asterisk 1.8.4.3 on Ubuntu 10.04. I followed the tutorial: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial, and I use Blink as a softphone on my client in Windows. The regular communication process (without TLS) runs smoothly, but when I just follow the tutorial, there is always an error on the softphone: transport error.

My configuration is like this:

Certificate for the server: ./ast_tls_cert -C 10.4.71.27 -O "My Super Company" -d /etc/asterisk/keys

Certificate for client 1: ./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 10.4.71.24 -O "My Super Company" -d /etc/asterisk/keys -o 1001

Certificate for client 2: ./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 10.4.71.23 -O "My Super Company" -d /etc/asterisk/keys -o 1002

sip.conf:

[general]
context = default
udpbindaddr = 0.0.0.0
tcpenable = no
tcpbindaddr = 0.0.0.0
allowguest = no
allow = ulaw
allow = alaw
allow = gsm
allow = g722

tlsenable = yes
tlsbindaddr = 0.0.0.0
tlscertfile = /etc/asterisk/keys/asterisk.pem
tlscafile = /etc/asterisk/keys/ca.crt
tlscipher = ALL
tlsclientmethod = TLSv1

[1001]
context = default
type = friend
username = 1001
secret = 1000
dtmfmode = rfc2833
callerid = 1001
host = dynamic
transport = tls

[1002]
context = default
type = friend
username = 1002
secret = 1002
dtmfmode = rfc2833
host = dynamic
transport = tls

extensions.conf:

[general]
static = yes
WriteProtect = no

[default]
exten => 1001,1,Dial(SIP/1001,30,tr)
exten => 1001,2,Hangup
exten => 1002,1,Dial(SIP/1002,30,tr)
exten => 1002,2,Hangup

Does anyone know where my mistake is? Thanks.
Asterisk Users 2.4 years ago 2 Answers

Answers ( 2 )

  1. Administrator TOOTAI
    +1
    February 7, 2013 at 07:39 am

    Le 06/02/2013 23:15, kepin sinatra a

  2. kepin sinatra
    +1
    February 7, 2013 at 12:31 pm

    When I run sip reload, nothing about "SSL certificate ok" appears. I installed Asterisk with:

    ./configure --enable-xmldoc
    make menuselect
    make && make install
    make samples
    make config

    OK, maybe I'll try using tshark later... Yes, I'm sure Blink is configured for TLS, and I've installed the certificate in the client with trusted root certification.

    Any ideas? Thanks for your attention...
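An added example, not part of the original thread and not Asterisk's own code: a small Python check of the TLS settings in a chan_sip sip.conf like the one posted above. It assumes tlscertfile must hold both the certificate and the private key unless tlsprivatekey is set; the function names and the sample text are constructed for illustration, and the findings are checks to run, not a diagnosis of this thread's error.

```python
import os
import re

# Constructed sample: the TLS-related lines of the sip.conf posted above.
SAMPLE_SIP_CONF = """\
[general]
tlsenable = yes
tlscertfile = /etc/asterisk/keys/asterisk.pem
tlscafile = /etc/asterisk/keys/ca.crt
tlscipher = ALL
[1001]
transport = tls
"""

def parse_sections(text):
    """Parse sip.conf-style text into {section: {key: last value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def check_tls(text, root="/"):
    """List problems with the [general] TLS settings; root re-bases file paths."""
    gen = parse_sections(text).get("general", {})
    findings, pem = [], {}
    if gen.get("tlsenable", "no").lower() != "yes":
        findings.append("tlsenable is not 'yes'")
    # Read every TLS file the config names; an unreadable file is a finding.
    for key in sorted(gen.keys() & {"tlscertfile", "tlscafile", "tlsprivatekey"}):
        try:
            with open(os.path.join(root, gen[key].lstrip("/"))) as fh:
                pem[key] = fh.read()
        except OSError as exc:
            findings.append(f"{key}: cannot read {gen[key]} ({exc.strerror})")
    if "tlscertfile" in pem:
        if "-----BEGIN CERTIFICATE-----" not in pem["tlscertfile"]:
            findings.append("tlscertfile: no certificate block")
        # Assumption: the key lives in tlsprivatekey if set, else in tlscertfile.
        keyed = pem.get("tlsprivatekey", pem["tlscertfile"])
        if not re.search(r"-----BEGIN [A-Z ]*PRIVATE KEY-----", keyed):
            findings.append("no private key in tlscertfile or tlsprivatekey")
    if gen.get("tlscipher", "").upper() == "ALL":
        findings.append("tlscipher = ALL does not exclude weak cipher suites")
    return findings
```

Calling `check_tls(open("/etc/asterisk/sip.conf").read())` on the server checks the real files; the `root` argument lets the same check run against a copied directory tree.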
