How to properly set up a certificate for Asterisk to work on CentOS?

S

Stepan2018-03-18 14:23:21

Asterisk

Stepan, 2018-03-18 14:23:21

I'm trying to build a WebRTC connection to an Asterisk server.
I have Asterisk 13.19 on CentOS which works fine through SIP clients. I made the settings according to the manual:
wiki.asterisk.org
As a result, when I try to connect, I get an error:

ERROR[5435]: tcptls.c:695 handle_tcptls_connection: Problem setting up ssl connection: error:00000005:lib(0):func(0):DH lib, System call EOF
WARNING[5435]: tcptls.c:782 handle_tcptls_connection: FILE * open failed!

I look at connection bugs:

openssl s_client -connect xxx.xxx.xxx.xxx:8089 -bugs

I get the following output:

CONNECTED(00000003)
depth=0 CN =  xxx.xxx.xxx.xxx:, O = ООО
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =  xxx.xxx.xxx.xxx:, O = ООО
verify error:num=21:unable to verify the first certificate
verify return:1

and there further the certificate, etc.
Judging by the first error, I decided that the connection could not pass because of the bad certificate.
The question is:
1) How can I solve this problem with a self-signed certificate? because the purpose of the project is for personal purposes, and not for public access
2) Will a paid certificate solve this problem?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

CityCat4, 2018-03-18
@ykppon

There was just recently a discussion about this issue. A self-signed certificate that fails validation. To pass validation, you need one of two things:
- place the certificate in the store (usually /etc/ssl/certs, but for example in centos in /etc/pki/tls/certs) and create a special link to it:
- get a certificate from the world CA (for money, but you can try LE)