TLS for Grandstream and Sangoma without EPM

I am trying to use TLS for some of our phones, we have a plethora of brands. I have enabled TLS on Freepbx PJSIP config using port 5060, and selected the TLS transport for the extension. We have a Let’s Encrypt certificate.
My phone is brand new, just added user and pass, and selected TLS.
It is not registering, what am I missing? Do I need a certificate for the phone?
We don’t use EPM as I understand it won’t help with non Sangoma phones

Usually you’d use port 5061 for TLS and Let’s Encrypt certs are generally a bad idea in this case. You have to take care of renewals (every week or so) and you already know it’s your stuff.

You need to post some diagnostic message to see what is going on.

A few corrections:

The certificate management module handles LE renewals just fine.

The free version of EPM provisions Sangoma phones only, but there are many supported devices for the paid version. But really EPM is irrelevant in a conversation about setting up phones for TLS signaling.

Most current phones will work with LE certs, the only one that we see regular reports of here is Yealink, not sure if all models or not. I’m sure a quick google search will tell you if you’re phone supports TLS with LE certs, and prob best to be on a current firmware.

Thanks all for the pointers, it is now registered using TLS, it was as simple as setting port 5061 like you mentioned, but I got it working on a Sangoma S505, on a Grandstream GXP2160 is not working yet. I have set on my phone, and enabled TLS setting in the Freepbx extension.
Not working so far, but I noticed that the Sangoma S505 has a factory certificate, I think the GS does not. How can I make one? Is that what I need?

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.