TLS Certificates FreePBX 15


(Sani) #1

Hey people

I’m having trouble configuring encrypted calls with softphones. Couldn’t Register

FreePBX version 15
RaspberryPI 4
Softphone: Blink

I didn’t find the TLS Documentation for version 15 so I followed this links as far as possible
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
https://wiki.freepbx.org/display/PHON/TLS+and+SRTP
So i have generate a mix of them.

Softphone
client cerfiticate
server certificate
SIP Settings
Wireshark:Failed Message

what am I doing wrong???


(Communication Technologies) #2

https://docs.apigee.com/api-platform/troubleshoot/runtime/ssl-handshake-failures


(Matt Brooks) #3

Handshake failures typically are one of the following:

  1. You’re using a self-signed certificate and the CA hasn’t been added to the device that’s making the connection.
  2. The certificate on the server is expired
  3. The domain name being connected to doesn’t match what is on the certificate

As far as fixing this, I’m probably not going to be very helpful, but at a minimum it would be good to understand if you’re using a self-signed certificate or if you used a 3rd party CA like let’s encrypt or godaddy.


(Jared Busch) #4

He is using an IP address n the client screenshot.

He is also using the ca.crt in the one screenshot. That is not the full cert, that is only the Certificate Authority’s chain.


(Sani) #5

I used this commands to create a self.signed certificate (My network is only local)

./ast_tls_cert -C 20.0.0.2 -O “Asterisk” -d /etc/asterisk/keys

for Client
./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 3000.mycompany.(com -O “My Super Company” -d /etc/asterisk/keys -o 3000


(Sani) #6

I think I am doing something wrong when I’m creating the certificates or I have forgotten to set up something at FreePBX. However, nowhere I can find a documentation like version 14. There is a certificate menu item.


(Sani) #7

Nobody knows how to configure TLS in FreePBX 15?


(Sani) #8

is the content of the self-signed certificate important?


(Chazz) #9

I also have problems with TLS on the FreePBX 15. I want to simulate SRTP calls and I also use Blink as a softphone.
So far, nobody has been able to help me here.