Asterisk 1.8 Secure SIP Session Only


Hello, I am trying to secure SIP session with TLS on Asterisk Server 1.8. I
keep getting an error,

== Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

I tried both signed and self-signed cert to no avail.

Here is my Configuration:

Sip.conf

tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/box1.pem
tlscapath=/etc/asterisk/keys
tlscipher=ALL
tlsclientmethod=tlsv1

sip.conf ext.

[5006]
type=peer
context=sipext
call-limit=3
trustrpid=no
callerid="Rec" <5006>
disallow=all
allow=ulaw
allow=alaw
username=5006
secret

2 thoughts on - Asterisk 1.8 Secure SIP Session Only

  • Your CA cert is missing.

    Add in sip.conf:

    tlscafile=/etc/asterisk/keys/ca.crt

    You don’t need:
    tlscapath=/etc/asterisk/keys

  • Thank you Markos, finally was able to secure SIP session with TLS between server & client.

    Thanks for your support!

    From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com]

    Hello, I am trying to secure SIP session with TLS on Asterisk Server 1.8. I keep getting an error,

    == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
    [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

    I tried both signed and self-signed cert to no avail.

    Here is my Configuration:

    Sip.conf

    tlsenable=yes
    tlsbindaddr=0.0.0.0
    tlscertfile=/etc/asterisk/keys/box1.pem
    tlscapath=/etc/asterisk/keys
    tlscipher=ALL
    tlsclientmethod=tlsv1

    sip.conf ext.

    [5006]
    type=peer
    context=sipext
    call-limit=3
    trustrpid=no
    callerid="Rec" <5006>
    disallow=all
    allow=ulaw
    allow=alaw
    username=5006
    secret=9fcbb025200881850526bc57d59885c3
    dtmfmode=rfc2833
    host=dynamic
    mailbox=5006
    nat=yes
    canreinvite=no
    transport=tls

    == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
    [2016-05-04 09:31:17] WARNING[30032]: tcptls.c:254 handle_tcptls_connection: FILE * open failed!

    Any ideas?
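
The fix given in the first reply (set tlscafile instead of relying on tlscapath) can be checked mechanically. The following is an added example, not part of the thread and not Asterisk code: a small linter for the TLS options in the [general] section of sip.conf. The finding codes and the temporary key directory are constructed for the example; the check on tlscapath relies on OpenSSL's convention that a CA directory is searched by hash-named entries, which plain files such as ca.crt do not satisfy.

```python
import os
import re
import tempfile

# OpenSSL looks up CA directory entries by name <subject-hash>.<n>, e.g. "1a2b3c4d.0".
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")

def parse_general(text):
    """Collect key=value options from the [general] section of sip.conf text."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")].lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.lstrip(">").strip()  # accepts '=>' too
    return opts

def lint_tls(opts):
    """Return finding codes for the TLS settings (the codes are this example's own)."""
    if opts.get("tlsenable", "no").lower() != "yes":
        return ["tls-disabled"]
    findings = []
    if not opts.get("tlscertfile"):
        findings.append("no-certfile")
    cafile, capath = opts.get("tlscafile"), opts.get("tlscapath")
    if not cafile and not capath:
        findings.append("no-ca-configured")
    elif not cafile:
        # Only a CA directory is set: it is usable only if it holds hash-named entries.
        names = os.listdir(capath) if os.path.isdir(capath) else []
        if not any(HASHED_NAME.match(n) for n in names):
            findings.append("capath-has-no-hashed-entries")
    if opts.get("tlscipher", "").upper() == "ALL":
        # "ALL" enables every encrypting suite the OpenSSL build offers, weak ones included.
        findings.append("cipher-string-all")
    return findings

def demo():
    """Lint a constructed config shaped like the one in the question, before and after the fix."""
    with tempfile.TemporaryDirectory() as keys:
        for name in ("box1.pem", "ca.crt"):  # plain file names, as in the thread
            open(os.path.join(keys, name), "w").close()
        before = (f"[general]\ntlsenable=yes\ntlscertfile={keys}/box1.pem\n"
                  f"tlscapath={keys}\ntlscipher=ALL\n")
        after = before.replace(f"tlscapath={keys}\n", f"tlscafile={keys}/ca.crt\n")
        return lint_tls(parse_general(before)), lint_tls(parse_general(after))

if __name__ == "__main__":
    print(demo())
```

To use it on a real server, pass the contents of sip.conf to parse_general and run lint_tls on the result as a user that can read the key directory.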