On Monday 06 January 2020 at 19:01:09, Olivier wrote: > May I add I could successfully (if pjsip show transports has any meaning) > add a PJSIP TLS-transport with: > > [transport-tls] > type=transport > protocol=tls > bind=0.0.0.0:5061 > cert_file=/etc/asterisk/keys/asterisk.crt > priv_key_file=/etc/asterisk/keys/asterisk.key
So, that does indeed suggest that an absolute path + the .crt file instead of the .pem file might work... > method=tlsv1 > > Le lun. 6 janv. 2020 à 18:33, Olivier <[email protected]> a écrit : > > Hello, > > > > On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a > > way to enable HTTPS. > > Asterisk is running as asterisk:asterisk: > > > > asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 > > /usr/sbin/asterisk -g -f -p -U asterisk > > > > # cat /etc/asterisk/http.conf > > [general] > > servername=Asterisk > > enabled=yes > > bindaddr=0.0.0.0 > > bindport=8088 > > tlsenable=yes > > tlsbindaddr=0.0.0.0:8089 > > tlscertfile=/etc/asterisk/keys/asterisk.pem > > ;tlsprivatekey=keys/asterisk.key > > > > # ls -lR /etc/asterisk/keys > > /etc/asterisk/keys: > > total 32 > > -rw-rw-r-- 1 asterisk asterisk 1229 janv. 6 16:00 asterisk.crt > > -rw-rw-r-- 1 asterisk asterisk 586 janv. 6 15:59 asterisk.csr > > -rw-rw-r-- 1 asterisk asterisk 887 janv. 6 15:59 asterisk.key > > -rw-rw-r-- 1 asterisk asterisk 2116 janv. 6 16:00 asterisk.pem > > -rw-rw-r-- 1 asterisk asterisk 158 janv. 6 15:59 ca.cfg > > -rw-rw-r-- 1 asterisk asterisk 1773 janv. 6 15:59 ca.crt > > -rw-rw-r-- 1 asterisk asterisk 3311 janv. 6 15:59 ca.key > > -rw-rw-r-- 1 asterisk asterisk 132 janv. 6 15:59 tmp.cfg > > > > # grep TLS /var/log/asterisk/full | tail -1 > > [Jan 6 18:24:45] ERROR[11221] tcptls.c: TLS/SSL error loading cert file. > > </etc/asterisk/keys/asterisk.pem> > > > > # su - asterisk --shell /bin/sh --command 'cat > > /etc/asterisk/keys/asterisk.pem' > > -----BEGIN RSA PRIVATE KEY----- > > MIICXAIBAAKBgQCxllxfOR9sFwyKiKPZErUcBF1zlwTVZ9XvemA/8yQY7aIVw2ce > > ... > > RE3X5iJqFIRupoIQZQJBAJnDX8dCQbqLvmAV6/Ubiz0XHjHzLEkhMKtF/ksbgou1 > > zykmu2rlUbnZ+DPFj/lw9WH7DaIxtogZ7qKSp0dd95g= > > -----END RSA PRIVATE KEY----- > > -----BEGIN CERTIFICATE----- > > MIIDXzCCAUcCAQEwDQYJKoZIhvcNAQELBQAwNTEcMBoGA1UEAwwTQXN0ZXJpc2sg > > ... > > XkVjfneCBgllQhLrnb9oUBuHQCy3qtlPkXpXfAtIsodnoV1mrpI3+iKH7xWc4AtQ > > Rbrt > > -----END CERTIFICATE----- > > > > > > Any clue ? > > > > Best regards -- I can tell you I wish those people just would be quiet. It would be best for the world. That's not going to happen, so we have to work in the right fashion with these security researchers. - Steve Ballmer, at Microsoft's Worldwide Partner Conference in New Orleans, October 2003 - http://news.microsoft.com/speeches/steve-ballmer-speech-transcript- microsoft-worldwide-partner-conference-2003/ Please reply to the list; please *don't* CC me. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
