I am running a FreePBX with a SIP trunk from my internet provider (M-net).
The SIP connection (PJSIP) goes over TLS on port 5061 and SRTP is enabled for media transfer.
Everything worked without any problems.
Now my ISP sent me the following letter (translated):
You are using your SIP trunk with the option “encryption”. The current M-net VoIP certificate expires at the end of May 2021 and will unfortunately not be renewed by the corresponding issuer (comodo).
For this reason, we hereby ask you to add another certificate on your IP-PBX.
To ensure that you can continue to make encrypted calls via your M-net connection in the future, the following steps must be carried out by your system administrator:
- Download of the new certificate (Link: M-net-Root-X1) to your IP-PBX.
- Adjustment of the SIP configuration of your IP-PBX with a SIP trunk account: The FQDN business02.mnet-voip.de must be configured as outbound proxy.
- The IP-PBX now establishes a TCP connection and then a TLS connection. SIP messages can then be sent over this TLS connection.
- Execution of test calls (incoming and outgoing)
We recommend that you carry out this adjustment outside your business hours, as calls may be interrupted for a short time.
When I try to set these changes, the connection no longer works.
As soon as I enter the desired server in ‘Outbound Proxy’ in the SIP Trunk settings, the connection is ‘Rejected’.
I have tried different settings for ‘Transport’ and ’ Server’ and ‘Outbound-Proxy’ but without success.
I have not uploaded the certificate to the FreePBX, nor would I know where it would be stored. But I think that maybe this is not necessary, because I didn’t have to upload the old certificate either.
What am I doing wrong? How can I find out the error?