update: the configuration is working now, see my red comments below.
hello community,
i am trying to add TLS transport to my SIP environment, which contains:
voip.example.com asterisk 1:13.1.0~dfsg-1.1
zoiper.example.com zoiper 3.6.25251 32bit (Library revision: 25476)
the certificates for the asterisk server and the zoiper workstation have been generated by startssl.com. both certificates are using intermediate certificates.
for the asterisk server i have concatenated the certificate and the intermediate certificate into one file. and i have added the following configuration to my sip.conf for TLS transport:
[general]
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/ssl/certs/voip.example.com.pem
tlsprivatekey=/etc/ssl/private/voip.example.com.key
[123456]
transport=tls
on the zoiper workstation i have changed the following parameters:
preferences -> accounts -> general -> domain: voip.example.com
preferences -> accounts -> general -> username: 123456
preferences -> accounts -> general -> password: topsecret
preferences -> accounts -> advanced -> use TLS transport (and enable the "use rport" checkbox)
preferences -> advanced -> security -> Load domain certificate: enable (and select your cert file in PEM format)
preferences -> advanced -> security -> protocol suite: TLS v1
the certificate for zoiper needs to be in PEM format and concatenated as:
- server certificate
- server certificate key
- intermediate certificate
thanks in advance and greetings
-mog
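
A way to check the concatenation order described in the post before loading a bundle, as an added example that is not part of the original post. The layout names `zoiper` and `asterisk`, the helper names, and the sample bundle are assumptions made here; the sample bodies are constructed dummy base64, not real certificates or keys.

```python
import base64
import re

# One PEM block: captures the label and the base64 body between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Block order taken from the post; the layout names are chosen for this example.
LAYOUTS = {
    "zoiper": ["cert", "key", "cert"],  # server cert, server cert key, intermediate
    "asterisk": ["cert", "cert"],       # tlscertfile: server cert + intermediate
}

def pem_kinds(text):
    """Return 'cert', 'key' or 'other' for each PEM block, in file order."""
    kinds = []
    for label, body in PEM_BLOCK.findall(text):
        # Raises ValueError (binascii.Error) if a block body is not clean base64.
        base64.b64decode("".join(body.split()), validate=True)
        if label == "CERTIFICATE":
            kinds.append("cert")
        elif label.endswith("PRIVATE KEY"):
            kinds.append("key")
        else:
            kinds.append("other")
    return kinds

def check_bundle(text, layout):
    """Return a list of problems; an empty list means the order matches."""
    expected, found = LAYOUTS[layout], pem_kinds(text)
    if found == expected:
        return []
    return [f"{layout}: expected blocks {expected}, found {found}"]

def sample_bundle(labels):
    """Build a constructed bundle with dummy bodies for the given PEM labels."""
    body = base64.b64encode(b"constructed placeholder").decode()
    return "".join(
        f"-----BEGIN {l}-----\n{body}\n-----END {l}-----\n" for l in labels)

if __name__ == "__main__":
    good = sample_bundle(["CERTIFICATE", "RSA PRIVATE KEY", "CERTIFICATE"])
    swapped = sample_bundle(["CERTIFICATE", "CERTIFICATE", "RSA PRIVATE KEY"])
    print(check_bundle(good, "zoiper"))     # matches the order from the post
    print(check_bundle(swapped, "zoiper"))  # key and intermediate swapped
```

The check only looks at block labels and order; it does not verify that the key belongs to the certificate or that the intermediate actually signed it.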