TLS/SSL Error Loading Cert File.

Home » Asterisk Users » TLS/SSL Error Loading Cert File.

January 6, 2020 Olivier Asterisk Users 3 Comments

Hello,

On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can’t find a way to enable HTTPS. Asterisk is running as asterisk:asterisk:

asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06
/usr/sbin/asterisk -g -f -p -U asterisk

# cat /etc/asterisk/http.conf
[general]
servername=Asterisk enabled=yes bindaddr=0.0.0.0
bindport

3 thoughts on - TLS/SSL Error Loading Cert File.

Antony Stone says:

January 6, 2020 at 11:43 am

Have you tried pointing to the .crt file instead of the .pem file?

Why is that commented out (and why is it a relative path)?

Try reducing the permissions on the .crt and especially the .key files, so they’re not world-readable.

Many applications will refuse to start if the certificate or key files are insecure.

Antony.

—
Salad is what food eats.

Please reply to the list;
please *don’t* CC me.

—
Olivier says:

January 6, 2020 at 12:02 pm

May I add I could successfully (if pjsip show transports has any meaning)
add a PJSIP TLS-transport with:

[transport-tls]
type=transport protocol=tls bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt priv_key_file=/etc/asterisk/keys/asterisk.key method=tlsv1

Le lun. 6 janv. 2020 à 18:33, Olivier a écrit :
Antony Stone says:

January 6, 2020 at 12:07 pm

So, that does indeed suggest that an absolute path + the .crt file instead of the .pem file might work…

—
I can tell you I wish those people just would be quiet. It would be best for the world. That’s not going to happen, so we have to work in the right fashion with these security researchers.

– Steve Ballmer, at Microsoft’s Worldwide Partner Conference in New Orleans, October 2003
– http://news.microsoft.com/speeches/steve-ballmer-speech-transcript-
microsoft-worldwide-partner-conference-2003/

Please reply to the list;
please *don’t* CC me.

—