The certificate is generated via the freepbx module
Endpoints config :
Enable AVPF – Yes
Enable ICE Support – Yes
Media Encryption – DTLS-SRTP
Direct Media – No
Enable DTLS – Yes
Auto Generate Certificate – No
Use Certificate – MyCertificate
DTLS Verify – Fingerprint
DTLS Setup – Act/Pass
rtcp Mux is enabled
ALL endpoints are pjsip , pjsip is the only driver.
After a fresh reinstall i am having the same problem. (Centos 7 , FreePBX 188.8.131.52, on a DigitalOcean Droplet).
Freepbx does not export dtls parameters to the endpoint (pjsip.endpoint).
as previously described, Media Encryption is set to DTLS-SRTP, DTLS is also enabled.
still these variables are not exported.
40 => “dtls_verify=fingerprint”
41 => “dtls_setup=actpass”
42 => “dtls_rekey=0”
43 => “dtls_cert_file=/etc/asterisk/keys/XXXX.crt”
44 => “dtls_private_key=/etc/asterisk/keys/XXXX.key”
45 => “language=fr”
I debugged some of admin scripts , Certman.class.php is getting the data correctly , setting the PJSIP class _endpoint array attribute throught dialplanHooks, but later it gets cleared right before Languages class is editing the attribute(_endpoint).
The variable ends up containing only only language parameter , which explain why PJSIP Hook genConfig doesnt export the dtls variables.
My bad server is missing tlscipher from that file as well as the dtls fields in pjsip.extensions.conf. I can fix them manually but when applying changes or force updating a certificate, they’re removed again.
I don’t know where tlscipher gets written. I never wrote it myself on the original server. I’m thinking certman writes that, but I can’t find it in the source code. The only reference I found was in sip_to_pjsip.py but I don’t use ChanSIP at all.
I got this problem too. After research, I found the problem are come from PHP7.4 build Aug 1. They loss dtls config from endpoint certman class when core class generating. I have similar FreePBX with PHP7.4 early build. They are working fine. My solution is hardcode to the PJSIP module for dtls configurations for hot fix.