Encryption for manager.conf

Hello together,

i want to setup a PBX which is reachable from the internet.
I already setup everything with IDS and TLS/SRTP, working fine!

But now it comes to TAPI or manager.conf access. I read that i can enable encryption for that here

But how do I do that? I think i have to edit the manager.conf file over console/ssh access right?
But what happens when i install some updates, does the manager.conf gets overwritten than?

There isn’t a manager custom file?

It is
But can I modify the [general] part there?

In the custom file, put something like:

your_setting = true

But I am not sure if enabling encryption under the general settings might break FreePBX

1 Like

That first link is from 2008, tls is the new ssl and from

we see secure connections by default would be ovrr port 5039, FreePBX only uses

IMHO anyone that allows port 5038 through your firewall is exposing a long standing but ubiquitous security risk with FreePBX

Yeah saw that thanks :slight_smile:


When i manually edit the manager.conf with
tlsenable = yes
tlsbindport = 5039

Its working over tls

Will try it now with [general] (+)

Working :slight_smile:

Looks like that now

[general] (+)
tlsenable = yes
tlsbindport = 5039
tlsbindaddr =
tlscertfile = /etc/asterisk/keys/LE.pem
tlsprivatekey = /etc/asterisk/keys/LE.key

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.