Hello,
i’m using FreePBX version 17.0.21. When I imported a local self-signed certificate via the certificate manager, the file “/etc/astersik/keys/default.pem” changed.
The problem was that there was a space between the private key and the certificate. This space caused the VOIP connection to no longer register with Telekom.
"
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
"
I changed the following:
"
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
"
After that, registration worked again. Can you confirm the error?
Regards, Stefan Harbich
Why should I remove the private key in the “/etc/asterisk/keys” directory? The default settings also contain two files in the “/etc/asterisk/keys” directory:
I didn’t say anything about a dedicated private key file. What I was saying is that it would be a major security breach if the private key, in a combined file, were ever leaked to the remote party, so it absolutely essential that any mechanism for handling files is foolproof with regard to removing the private key from what it sends to the other party.
TLS won’t work if that is all you share! Asterisk shares the public key of the Asterisk machine as part of the certificate, on your behalf. If that is in the same file as the private key, it has to be very careful not to share the private key at the same time, even if the file is not in the exact format that it expects.