I’m trying to set up TLS encryption on my SIP server running RasPBX (Asterisk 16 & FreePBX 15). Unfortunately there’s not too much information online about a complete workflow on how this should be done. So far I did the following
Created a Let’s encrypt certificate
SIP Settings > General SIP Settings > Security Settings > Default TLS Port Assignment > pjsip
I know little about this, but believe that this option causes Asterisk to request a client certificate from the device and reject the connection if one is not provided or cannot be verified. Assuming that you haven’t configured Zoiper with such a cert, the TLS handshake will fail.
If turning that off doesn’t help:
Does anything appear in the Asterisk log when the device attempts to register? If so, post that. If not, capture traffic with tcpdump, move it to your PC and examine it with Wireshark. If there is a failed TLS handshake, it should give a clue as to what is wrong. If nothing appears at all (not even a SYN packet from Zoiper), describe your network configuration.
I disabled the verify client option and set up the ports correctly in Zoiper’s account settings and then I was able to accept the server’s certificate and connect. Had some other errors after that (like “Internal Server Error” or “Not acceptable here”) which were preventing me from making calls but they disappeared after reloading the asterisk config.
One more question, where does this certificate stay on my android phone and how can I see it?