TLS enable

Does anyone know how to enable TLS in the FreePBX distro? We are running FreePBX 13.0.120.

I set the extension to use TLS. I enabled TLS in SIP settings with chan_sip, picked an SSL certificate from certificate manager and tried the various SSL methods. Nothing works. The forum is unusually quiet about TLS and Google refers to older versions of FreePBX. What am I missing?

What makes you think it’s not working?

Have you configured your phone to use TLS?

Sorry. “Nothing works” means I can’t get it to work.
Yes. Phone does not register on TLS. Log shows TLS is failing but does not give much info even with debug 10 and verbose 10.
Phone is set to TLS, SIP settings are set to TLS. Certificate is from Let’s Encrypt. Do I have to do anything special with the certificate? I found a reference on the net that says to concatenate the certificate: https://blog.rhodestech.ca/asteriskfreepbx-ssl/ Is this still relevant?

I must be missing something e.g. TLS bind port is still [::] as recommended in the GUI but on the net it says to bind to the IP of the server.

Have you seen the TLS pages in the wiki:
http://wiki.freepbx.org/display/PHON/TLS+and+SRTP

1 Like

Thanks. It says you have to reboot the server after setting TLS?

Nope. Reboot didn’t do it.

Is the “Let’s Encrypt” certificate even compatible with TLS?
Does anyone have this working? If yes please share your steps.
According to this blog TLS enable I need an asterisk.pem file which is nowhere to be found on my system after enabling TLS in system settings.

Yes it’s 100% compatible. The steps in the wiki are based off of Let’s Encrypt which our support team has used to create the wiki article itself.

No you don’t need an asterisk.pem file.

Thanks for all the help. No success yet.
The TLS wiki pages refer to endpoint manager which I don’t use to provision the phones.
Is the endpoint manager really needed to enable TLS?

No, that’s just to enable TLS in the phone, which you said you have done.

At this point, I’d speak to your phone manufacturer, because it sounds like there’s some fundamental broken-ness with them. It works for me on a bunch of phones I’ve tried it with.

Also, I noticed you said “Log shows TLS is failing but does not give much info” but you haven’t actually shown anyone the log, from asterisk or from the phone.

I didn’t want to be one of those guys who post a 10 page log to the forum. I know my eyes always glaze over when I see that kind of thing.

I tried TLS with the iOS SIP clients “Media-5 phone” and Zoiper. I can try a Cisco phone (if you think the problem is the phone) but really only wanted TLS for our mobile SIP clients to bypass SIP ALG in hotels, airports, etc…

Just tested it, it works for me with Zoiper - well, Zoiper CRASHES, but it registers and makes a call

The Zoiper crash is a red herring. It crashes for me at call termination and I’m not using TLS. It’s a recently added “feature”.

3 Likes

Are you able to make it work?
I’m facing the same problem with the TLS on Zoiper and on a Yealink phone…

  1. use certificate management to install “Let’s Encrypt” TLS certificate (or any other)
  2. set enable TLS = yes in SIP advanced settings
  3. indicate the certificate manager from #1 and use method sslv2
  4. in the SIP extension set TLS and encryption and you should be good to go.

Zoiper is a bit of a challenge as it does not handle TLS very well but if you play with the settings (in Zoiper) you should be able to get it to work.
1 Like
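
Added example, not part of the thread or FreePBX's own code: a small Python check that reads chan_sip settings of the kind the steps above configure and reports TLS-related gaps for the listener and one extension. The option names (tlsenable, tlsbindaddr, tlscertfile, tlsclientmethod, transport, encryption) are Asterisk sip.conf options; the sample config, extension 1001 and the certificate path are constructed.

```python
import re

# Constructed sample: option names are Asterisk sip.conf (chan_sip) options;
# the values, extension 1001 and the certificate path are made up.
SAMPLE = """\
[general]
tlsenable=yes
tlsbindaddr=[::]
tlscertfile=/etc/asterisk/keys/example.pem  ; placeholder path
tlsclientmethod=sslv2
[1001]
transport=tls,udp
encryption=yes
"""
OBSOLETE = {"sslv2", "sslv3"}  # prohibited by RFC 6176 and RFC 7568

def parse_sections(text):
    """Parse 'key=value' lines into {section: {key: value}}, ignoring ; comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit_tls(text, extension):
    """Return findings for the listener ([general]) and one extension."""
    conf = parse_sections(text)
    gen, peer, out = conf.get("general", {}), conf.get(extension.lower(), {}), []
    if gen.get("tlsenable", "no").lower() != "yes":
        out.append("tlsenable is not yes: no TLS listener is started")
    if not gen.get("tlscertfile"):
        out.append("tlscertfile is not set: the listener has no certificate")
    method = gen.get("tlsclientmethod", "").lower()
    if method in OBSOLETE:
        out.append(f"tlsclientmethod={method} is an obsolete SSL version")
    transports = [t.strip() for t in peer.get("transport", "udp").lower().split(",")]
    if "tls" not in transports:
        out.append(f"[{extension}] transport does not include tls")
    if peer.get("encryption", "no").lower() != "yes":
        out.append(f"[{extension}] encryption is not yes: SRTP is not enabled for media")
    return out

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE, "1001"):
        print("-", finding)
```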