Import .pem file for use with Amazon Chime Voice Connector trunk TLS/SRTP

wpns · August 1, 2019, 11:41am

The description for Encryption for Amazon Chime Voice Connector trunks says:

/*
Encryption configures your Voice Connector to use TLS transport for SIP signaling and Secure RTP (SRTP) for media. Enabling encryption causes inbound calls to use TLS transport, and blocks unencrypted outbound calls.
*/

It tells me I must:

/*
Import the wildcard root certificate into your SIP infrastructure. Download here.
*/

I’ve tried a couple of things:

Put the above .pem file into /etc/asterisk/keys and click Admin->Certificate Management->Import Locally, but that gets me “No certificates to import”. Rebooting doesn’t help.
Copy the contents of the file into Admin->Certificate Management->New Certificate->Upload Certificate-> but that throws other errors.

I’ve tried to follow the instructions at https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial but that seems to be more about how to make my own certificate and configure extensions to use encryption, and I want to use someone else’s certificate and enable trunk encryption…

I must be missing something simple, can someone enlighten me?

Thanks!

wpns · August 4, 2019, 9:13pm

Any thoughts on how this is supposed to work?

Thanks!

billsimon · August 4, 2019, 10:29pm

The certificate management section is used for certs related to the PBX server. What Amazon wants you to do is load a root cert.

The suggestions here should be helpful: https://stackoverflow.com/questions/37043442/how-to-add-certificate-authority-file-in-centos-7

(I have not done this specific thing with Amazon Chime; just trying to help you get to what I believe is the next step.)

system · August 11, 2019, 10:29pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.