Hello,

On Mon, 6 Jan 2020 at 19:01, Olivier <oza.4...@gmail.com> wrote:

> May I add I could successfully (if pjsip show transports has any meaning)
> add a PJSIP TLS-transport with:
>
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0:5061
> cert_file=/etc/asterisk/keys/asterisk.crt
> priv_key_file=/etc/asterisk/keys/asterisk.key
> method=tlsv1
>
> On Mon, 6 Jan 2020 at 18:33, Olivier <oza.4...@gmail.com> wrote:
>
>> Hello,
>>
>> On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a
>> way to enable HTTPS.
>> Asterisk is running as asterisk:asterisk:
>>
>> asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06
>> /usr/sbin/asterisk -g -f -p -U asterisk
>>
>> # cat /etc/asterisk/http.conf
>> [general]
>> servername=Asterisk
>> enabled=yes
>> bindaddr=0.0.0.0
>> bindport=8088
>> tlsenable=yes
>> tlsbindaddr=0.0.0.0:8089
>> tlscertfile=/etc/asterisk/keys/asterisk.pem
>> ;tlsprivatekey=keys/asterisk.key
>>
>> # ls -lR /etc/asterisk/keys
>> /etc/asterisk/keys:
>> total 32
>> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
>> -rw-rw-r-- 1 asterisk asterisk  586 janv. 6 15:59 asterisk.csr
>> -rw-rw-r-- 1 asterisk asterisk  887 janv. 6 15:59 asterisk.key
>> -rw-rw-r-- 1 asterisk asterisk 2116 janv. 6 16:00 asterisk.pem
>> -rw-rw-r-- 1 asterisk asterisk  158 janv. 6 15:59 ca.cfg
>> -rw-rw-r-- 1 asterisk asterisk 1773 janv. 6 15:59 ca.crt
>> -rw-rw-r-- 1 asterisk asterisk 3311 janv. 6 15:59 ca.key
>> -rw-rw-r-- 1 asterisk asterisk  132 janv. 6 15:59 tmp.cfg
>>
>> # grep TLS /var/log/asterisk/full | tail -1
>> [Jan 6 18:24:45] ERROR[11221] tcptls.c: TLS/SSL error loading cert file.
>> </etc/asterisk/keys/asterisk.pem>
>>
>> # su - asterisk --shell /bin/sh --command 'cat
>> /etc/asterisk/keys/asterisk.pem'
>> -----BEGIN RSA PRIVATE KEY-----
>> MIICXAIBAAKBgQCxllxfOR9sFwyKiKPZErUcBF1zlwTVZ9XvemA/8yQY7aIVw2ce
>> ...
>> RE3X5iJqFIRupoIQZQJBAJnDX8dCQbqLvmAV6/Ubiz0XHjHzLEkhMKtF/ksbgou1
>> zykmu2rlUbnZ+DPFj/lw9WH7DaIxtogZ7qKSp0dd95g=
>> -----END RSA PRIVATE KEY-----
>> -----BEGIN CERTIFICATE-----
>> MIIDXzCCAUcCAQEwDQYJKoZIhvcNAQELBQAwNTEcMBoGA1UEAwwTQXN0ZXJpc2sg
>> ...
>> XkVjfneCBgllQhLrnb9oUBuHQCy3qtlPkXpXfAtIsodnoV1mrpI3+iKH7xWc4AtQ
>> Rbrt
>> -----END CERTIFICATE-----
>>
>>
>> Any clue?
>>
>> Best regards
>>
>

After trying tens of different settings, I tried this morning to simply
copy the cert files from a running FreePBX 15 instance to my Debian Buster
target.

To my surprise, it worked: for the very first time, I now have:

# asterisk -rx 'http show status'
HTTP Server Status:
Prefix:
Server: Asterisk/16.7.0
Server Enabled and Bound to [::]:8088

HTTPS Server Enabled and Bound to [::]:8089

Now, to fully solve the issue, I need to understand why things didn't work
previously and now do work correctly.

Current /etc/asterisk/keys is:

# ls -alR keys
keys:
total 56
drwxr-xr-x 3 asterisk asterisk 4096 janv. 8 09:31 .
drwxrwxr-x 3 asterisk asterisk 4096 janv. 8 09:35 ..
-rw------- 1 asterisk asterisk 1675 janv. 8 09:31 api_oauth.key
-rw------- 1 asterisk asterisk  451 janv. 8 09:31 api_oauth_public.key
-rw-r--r-- 1 asterisk asterisk  191 janv. 8 09:31 ca.cfg
-rw-r--r-- 1 asterisk asterisk 1724 janv. 8 09:31 ca.crt
-rw-r--r-- 1 asterisk asterisk 3243 janv. 8 09:31 ca.key
-rw------- 1 asterisk asterisk 1712 janv. 8 09:31 default.crt
-rw------- 1 asterisk asterisk 1610 janv. 8 09:31 default.csr
-rw------- 1 asterisk asterisk 3247 janv. 8 09:31 default.key
-rw------- 1 asterisk asterisk 4959 janv. 8 09:31 default.pem
drwxr-xr-x 2 asterisk asterisk 4096 janv. 8 09:31 integration
-rw-r--r-- 1 asterisk asterisk 1024 janv. 8 09:31 .rnd

keys/integration:
total 24
drwxr-xr-x 2 asterisk asterisk 4096 janv. 8 09:31 .
drwxr-xr-x 3 asterisk asterisk 4096 janv. 8 09:31 ..
-rw------- 1 asterisk asterisk 4959 janv. 8 09:31 certificate.pem
-rw------- 1 asterisk asterisk 1712 janv. 8 09:31 webserver.crt
-rw------- 1 asterisk asterisk 3247 janv. 8 09:31 webserver.key

Asterisk is running as asterisk:asterisk.

/etc/asterisk/http.conf is:

# cat http.conf
[general]
enabled=yes
enablestatic=no
bindaddr=::
bindport=8088
prefix=
sessionlimit=100
session_inactivity=30000
session_keep_alive=15000
tlsenable=yes
tlsbindaddr=[::]:8089
tlscertfile=/etc/asterisk/keys/integration/certificate.pem
tlsprivatekey=/etc/asterisk/keys/integration/webserver.key

# cat /etc/asterisk/keys/ca.cfg
[req]
distinguished_name = req_distinguished_name
prompt = no
default_md = sha256

[ca]
default_md = sha256

[req_distinguished_name]
CN=localhost
O=localhost

[ext]
basicConstraints=CA:TRUE

Is there a way to find out how FreePBX generated the /etc/asterisk/keys tree?

Best regards
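A check worth running on the first key quoted in the thread, as an added example that is not part of the original post: the opening base64 line of a PKCS#1 "RSA PRIVATE KEY" block already carries the DER header declaring the modulus length, so the key size can be read from that one line. The 2048-bit floor is an assumption here (it is the RSA minimum OpenSSL enforces at security level 2, the level Debian Buster's stock openssl.cnf selects), and the helper names are hypothetical.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: RSA floor at OpenSSL security level 2

# First base64 line of the key block quoted in the post; the DER header
# that declares the modulus length sits entirely within it.
FIRST_LINE = "MIICXAIBAAKBgQCxllxfOR9sFwyKiKPZErUcBF1zlwTVZ9XvemA/8yQY7aIVw2ce"


def _read_tlv(buf, pos, expected_tag):
    """Return (value_length, value_offset) for the DER element at pos."""
    if buf[pos] != expected_tag:
        raise ValueError(f"unexpected tag 0x{buf[pos]:02x} at offset {pos}")
    first = buf[pos + 1]
    if first < 0x80:                       # short-form length
        return first, pos + 2
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def rsa_modulus_bits(b64_prefix):
    """Modulus size in bits of a PKCS#1 RSAPrivateKey, from its leading base64."""
    usable = len(b64_prefix) - len(b64_prefix) % 4   # decode whole quanta only
    der = base64.b64decode(b64_prefix[:usable])
    _, pos = _read_tlv(der, 0, 0x30)       # outer SEQUENCE
    vlen, pos = _read_tlv(der, pos, 0x02)  # version INTEGER
    pos += vlen
    nlen, pos = _read_tlv(der, pos, 0x02)  # modulus INTEGER
    lead = der[pos]
    if lead == 0:                          # sign-padding byte, not key material
        nlen, lead = nlen - 1, der[pos + 1]
    return (nlen - 1) * 8 + lead.bit_length()


def key_meets_floor(b64_prefix, floor=MIN_RSA_BITS):
    """True when the declared RSA modulus is at least `floor` bits."""
    return rsa_modulus_bits(b64_prefix) >= floor


if __name__ == "__main__":
    bits = rsa_modulus_bits(FIRST_LINE)
    print(f"declared modulus: {bits} bits, meets floor: {key_meets_floor(FIRST_LINE)}")
```

A block that starts with a different structure, such as the CERTIFICATE block in the same file, raises ValueError instead of returning a size.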