Does anyone know how to enable TLS in the FreePBX distro? We are running FreePBX 13.0.120.
I set the extension to use TLS. I enabled TLS in SIP settings with chan_sip, picked an SSL certificate from certificate manager and tried the various SSL methods. Nothing works. The forum is unusually quiet about TLS and Google refers to older versions of FreePBX. What am I missing?
Sorry. “Nothing works” means I can’t get it to work.
Yes. Phone does not register on TLS. Log shows TLS is failing but does not give much info even with debug 10 and verbose 10.
Phone is set to TLS, SIP settings are set to TLS. Certificate is from Let’s Encrypt. Do I have to do anything special with the certificate? I found a reference on the net that says to concatenate the certificate: https://blog.rhodestech.ca/asteriskfreepbx-ssl/. Is this still relevant?
I must be missing something, e.g. TLS bind port is still [::] as recommended in the GUI, but on the net it says to bind to the IP of the server.
Is the “Let’s Encrypt” certificate even compatible with TLS?
Does anyone have this working? If yes please share your steps.
According to this blog (TLS enable), I need an asterisk.pem file, which is nowhere to be found on my system after enabling TLS in system settings.
Thanks for all the help. No success yet.
The TLS wiki pages refer to endpoint manager which I don’t use to provision the phones.
Is the endpoint manager really needed to enable TLS?
No, that’s just to enable TLS in the phone, which you said you have done.
At this point, I’d speak to your phone manufacturer, because it sounds like there’s some fundamental broken-ness with them. It works for me on a bunch of phones I’ve tried it with.
Also, I noticed you said (dcitelecom, post 3):
“Log shows TLS is failing but does not give much info”
but you haven’t actually shown anyone the log, from asterisk or from the phone.
I didn’t want to be one of those guys who post a 10 page log to the forum. I know my eyes always glaze over when I see that kind of thing.
I tried TLS with the iOS SIP clients “Media-5 phone” and Zoiper. I can try a Cisco phone (if you think the problem is the phone) but really only wanted TLS for our mobile SIP clients to bypass SIP ALG in hotels, airports, etc…
1. use certificate management to install “Let’s Encrypt” TLS certificate (or any other)
2. set enable TLS = yes in SIP advanced settings
3. indicate the certificate manager from #1 and use method sslv2
4. in the SIP extension set TLS and encryption and you should be good to go.
Zoiper is a bit of a challenge as it does not handle TLS very well but if you play with the settings (in Zoiper) you should be able to get it to work.
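
The thread asks whether the certificate has to be concatenated into a single asterisk.pem file. As an added example (not from the thread or from FreePBX), this Python script inspects such a bundle offline and reports what it contains. It assumes one PEM file that may hold the private key plus the certificate chain; the function name and the sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN label, base64 body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def inspect_pem_bundle(text):
    """Summarise a PEM bundle: block order, counts, and obvious damage."""
    labels, problems = [], []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
        labels.append(label)
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for name in labels if name.endswith("PRIVATE KEY"))
    # A truncated copy/paste leaves a BEGIN marker with no matching END.
    if text.count("-----BEGIN ") != len(labels):
        problems.append("unterminated or mismatched BEGIN/END marker")
    if certs == 0:
        problems.append("no CERTIFICATE block")
    elif certs == 1:
        problems.append("only one certificate; intermediate chain may be missing")
    if keys == 0:
        problems.append("no PRIVATE KEY block; key must be configured separately")
    elif keys > 1:
        problems.append("more than one private key")
    return {"order": labels, "certs": certs, "keys": keys, "problems": problems}

def _fake_block(label, payload):
    # Constructed placeholder bytes, not real key or certificate material.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: a complete bundle and a truncated copy of it.
SAMPLE_GOOD = (_fake_block("PRIVATE KEY", b"constructed key bytes")
               + _fake_block("CERTIFICATE", b"constructed leaf")
               + _fake_block("CERTIFICATE", b"constructed intermediate"))
SAMPLE_TRUNCATED = SAMPLE_GOOD[:-30]

if __name__ == "__main__":
    print(inspect_pem_bundle(SAMPLE_GOOD))
    print(inspect_pem_bundle(SAMPLE_TRUNCATED))
```

This only checks the structure of the file. It does not verify that the key matches the certificate or that the chain validates.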