On Monday 06 January 2020 at 18:33:39, Olivier wrote:
> Hello,
>
> On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a
> way to enable HTTPS.
> # cat /etc/asterisk/http.conf
> [general]
> servername=Asterisk
> enabled=yes
> bindaddr=0.0.0.0
> bindport=8088
> tlsenable=yes
> tlsbindaddr=0.0.0.0:8089
> tlscertfile=/etc/asterisk/keys/asterisk.pem
Have you tried pointing to the .crt file instead of the .pem file?
> ;tlsprivatekey=keys/asterisk.key
Why is that commented out (and why is it a relative path)?
> # ls -lR /etc/asterisk/keys
> /etc/asterisk/keys:
> total 32
> -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt
> -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr
> -rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15:59 asterisk.key
> -rw-rw-r-- 1 asterisk asterisk 2116 janv. 6 16:00 asterisk.pem
> -rw-rw-r-- 1 asterisk asterisk 158 janv. 6 15:59 ca.cfg
> -rw-rw-r-- 1 asterisk asterisk 1773 janv. 6 15:59 ca.crt
> -rw-rw-r-- 1 asterisk asterisk 3311 janv. 6 15:59 ca.key
> -rw-rw-r-- 1 asterisk asterisk 132 janv. 6 15:59 tmp.cfg
> Any clue ?
Try reducing the permissions on the .crt and especially the .key files, so
they're not world-readable.
Many applications will refuse to start if the certificate or key files are
insecure.
Antony.
--
Salad is what food eats.
Please reply to the list;
please *don't* CC me.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
