Setting up TLS on Aastra/Mitel phones

This is my first attempt at doing this, so excuse my ignorance.
I’ve followed the setup on my FreePBX instance and extensions as it would be set up for a Sangoma phone, as referenced here: http://wiki.freepbx.org/display/PHON/TLS+and+SRTP

But now I’m a little lost. I noticed EPM didn’t make any changes to the .cfg files for the phones.
So I’ve manually edited the provisioning config to include the following changes:
sip srtp mode: 2
sips trusted certificates: cert.pem
sip transport protocol: 4
sips persistent tls: 1

I also changed my proxy and register ports to 5061
and I copied cert.pem from /etc/asterisk/keys/ to /tftpboot/
But the phone does not register.

Do I need to explicitly set a path for the trusted certificate like tftp://mypbx.com/cert.pem ?
Or am I choosing the wrong certificate as the trusted certificate?
Anything else I could be missing?

I’m running FreePBX 13.0.190.9, using Chan SIP, and I’m testing with a few Aastra 6755i and 6867i phones.
The default certificate is from Let’s Encrypt.

Correct, we only set up the phone if it is a Sangoma phone. That wiki is part of the Sangoma Phone wiki and is only used for Sangoma phones.

I think I’m getting closer.
I was looking at how this is done on a Polycom VVX (http://community.polycom.com/t5/VoIP/FAQ-How-can-I-setup-a-TLS-connection-for-SIP-signaling-and-or/td-p/33018)
and discovered my trusted certificate does need to be loaded to the phone using a full path and it has to be either HTTP or FTP, not TFTP.
So I copied my cert.pem from /etc/asterisk/keys/ to /var/www/html/cert/
then edited the Aastra config to show a full path like:
sips trusted certificates: http://mypbx.com/cert/cert.pem

I’m also trying to test with a Polycom VVX 500 I have lying around.

Any chance of Sangoma developers adding TLS support to EPM for other phones?

No, not at this time, and if we do it will be for certified partners only, which neither Aastra nor Polycom are.

I have the same competition now.
Maybe you can try to edit the basefile manually to get it working?

OMG No

I don’t get it working on our Aastra phones.

Tried all combinations of TLS, SSL Certs… no chance.

I followed the Wiki and created the Let’s Encrypt Cert
Which files from Let’s Encrypt do I have to enter in my Aastra phone?
I’m giving this up. I try and try for hours and nothing works :(

Sometimes the Asterisk log shows:
SSL3_READ_BYTES:tlsv1 alert unknown ca

[2017-03-15 02:38:12] ERROR[25164] tcptls.c: Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[2017-03-15 02:38:12] WARNING[25164] tcptls.c: FILE * open failed!
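
An added example, not part of the thread and not FreePBX or Asterisk code: a small triage script that decodes the packed OpenSSL error code in tcptls.c log lines like the ones above and names the TLS alert it carries. It assumes the legacy (pre-3.0) OpenSSL error packing of library, function and reason; the function and constant names are hypothetical.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) commonly seen on handshake failures.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
}
ERR_LIB_SSL = 20            # OpenSSL library number for libssl
ALERT_REASON_OFFSET = 1000  # libssl reason = 1000 + alert number for a received alert

OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(code_hex):
    """Split a legacy packed OpenSSL error code (assumed pre-3.0 layout)."""
    code = int(code_hex, 16)
    return {"lib": (code >> 24) & 0xFF,
            "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF}


def triage(log_lines):
    """Return one finding per log line that contains an OpenSSL error code."""
    findings = []
    for line in log_lines:
        match = OPENSSL_ERR.search(line)
        if not match:
            continue  # e.g. the "FILE * open failed!" follow-up line
        err = decode_openssl_error(match.group(1))
        alert = None
        if err["lib"] == ERR_LIB_SSL and err["reason"] > ALERT_REASON_OFFSET:
            number = err["reason"] - ALERT_REASON_OFFSET
            alert = TLS_ALERTS.get(number, "alert_%d" % number)
        findings.append({"code": match.group(1), **err, "peer_alert": alert})
    return findings


# The two Asterisk log lines quoted in the thread.
SAMPLE = [
    "[2017-03-15 02:38:12] ERROR[25164] tcptls.c: Problem setting up ssl connection: "
    "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
    "[2017-03-15 02:38:12] WARNING[25164] tcptls.c: FILE * open failed!",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An alert reported this way was received from the remote end of the handshake, so `unknown_ca` here means the phone could not chain the certificate Asterisk presented to a CA it trusts.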