Hi,

how can I create a self-signed certificate for asterisk which actually works? I had one that did work, and yesterday it suddenly quit working for no reason. I had to spend hours to create another one that would finally work, and it suddenly quit working today.

The certificate verifies just fine with

openssl verify -verbose -CAfile ca.crt asterisk.pem

Yet asterisk keeps saying:

tcptls.c:173 handle_tcptls_connection: Certificate did not verify: unable to get local issuer certificate

no matter what I do until I set ‘tlsdontverifyserver=yes’ in sip.conf. Why doesn’t the error message at least say which certificate it is referring to?

Every time I have to deal with certificates, I hate that stuff more and more …

—