we have been utilizing an asterisk plugin within a monitoring tool to keep an eye on many of our deployments which connects to the AMI for polling over HTTPS. As of recently we noticed a wave of deployments disconnect and after investigating noticed that each of those deployments is no longer showing as tls enabled for AMI. We tried removing and reapplying the tlsenable setting both in the custom and directly within manager.conf with no luck.
The cert information you see above I supplied referencing the same cert/key from the Apache config for the admin portal knowing that itās managed by certificate manager.
I believe that the FreePBX ācertificate managerā will primarily place them in /etc/asterisk/keys, What you have in /etc/httpd/pki will not be so associated
Now AMI over 5039 is way too forgiving given it is 2023 but you will need to at least enable it, you have
Now AMI over 5039 is way too forgiving given it is 2023 but you will need to at least enable > it, you have
TLS Enable: No
This is actually the exact issue iām posting about. You can see above in my manager_custom.conf where I explicitly defined ātlsenable=yesā, but as you pointed out itās still reporting as being disabled in the output of āmanager show settingsā. I know itās reading my config because it populated the certificate path information along with enabled web manager which was set to disabled out of the box, it just seems as though itās ignoring the TLS setting I provided in my config.
Well, @dicko takes the gold. Although the certificates are published and current within/etc/httpd/pki - asterisk didnāt actually have access to them in this location. I went ahead and referenced the copies located in /etc/asterisk/keys and the TLS listener came up.