currently the output of the pjsip show transport 0.0.0.0-tls
is:
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................> ========================================================================================== Transport: 0.0.0.0-tls tls 3 96 0.0.0.0:5061 ParameterName : ParameterValue ================================================================= allow_reload : true async_operations : 1 bind : 0.0.0.0:5061 ca_list_file : /etc/pki/tls/certs/ca-bundle.crt ca_list_path : cert_file : /etc/asterisk/keys/domain.pem cipher : cos : 3 domain : external_media_address : freepbx_IP external_signaling_address : freepbx_IP external_signaling_port : 0 local_net : method : tlsv1 password : priv_key_file : /etc/asterisk/keys/domain.key protocol : tls require_client_cert : No symmetric_transport : false tos : 96 verify_client : No verify_server : No websocket_write_timeout : 100
The /etc/asterisk/keys/domain.pem file looks like:
-----BEGIN PRIVATE KEY----- some text -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- some text -----END CERTIFICATE-----
Few changes that I tested
- I deleted all certificates other than the third party one
- I removed local_net (not sure if it makes a difference)
- I used softphone app
Polycom phone is still not registering as tls
I have been looking at Yealink / Freepbx / SIP / TLS and I will try to import the server (ca.crt?) and client certificates (domain.pem?) to the Polycom phone
Is /etc/asterisk/keys/domain.pem a client certificate?