I made some more investigations. Below are the outputs of SSL connections to my PBX and to my Zoiper phone. The output of the PBX seems to be OK, but the Zoiper phone is not responding with valid certificates.
openssl s_client -connect voip.example.com:5061
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 C = DE, CN = voip.example.com, emailAddress = postmaster@example.com
verify return:1
---
Certificate chain
0 s:/C=DE/CN=voip.example.com/emailAddress=postmaster@example.com
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
openssl s_client -connect ds9.example.com:5061
CONNECTED(00000003)
140267883742864:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 315 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
I have enabled additional settings:
preferences -> advanced -> network -> sip options -> port: 5060 (disabled random ports)
preferences -> advanced -> security -> Load domain certificate: enable
I have tried a certificate in PEM format, concatenated in the order:
- server certificate
- server certificate key
- intermediate certificate
This did not work. Then I tried:
- server certificate
- server certificate key
- intermediate certificate
- ca certificate
No valid SSL response from the Zoiper phone either.
Is there nobody out there who could point me to the right settings or documentation on how to enable TLS transport in the Zoiper phone software?
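An added example, not part of the original post and not taken from Zoiper's documentation: a check that a concatenated PEM bundle like the ones described above is structurally sound, reporting the block order and catching the common case where two files were joined without a newline between them. It does not say which order Zoiper expects; the names `inspect_bundle` and `pem_block` are hypothetical, and the sample blocks are constructed placeholders rather than real certificates or keys.

```python
import base64
import re

# Constructed placeholder body: valid base64, but not a real certificate or key.
_BODY = base64.b64encode(b"constructed placeholder bytes").decode()
BOUNDARY = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+?)-----")


def pem_block(label, body=_BODY):
    """Build a constructed PEM block for the demo (hypothetical helper)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def inspect_bundle(text):
    """Return (block labels in file order, list of structural problems)."""
    labels, problems, open_label, body = [], [], None, []
    for n, line in enumerate(text.splitlines(), 1):
        marks = BOUNDARY.findall(line)
        if len(marks) > 1:  # e.g. "-----END CERTIFICATE----------BEGIN ..."
            problems.append(f"line {n}: two PEM boundaries on one line")
        if not marks:
            if open_label and ":" not in line:  # skip Proc-Type/DEK-Info headers
                body.append(line.strip())
            elif not open_label and line.strip():
                problems.append(f"line {n}: text outside any PEM block")
            continue
        for kind, label in marks:
            if kind == "BEGIN":
                if open_label:
                    problems.append(f"line {n}: BEGIN inside unclosed {open_label}")
                open_label, body = label, []
            elif label != open_label:
                problems.append(f"line {n}: END {label} without matching BEGIN")
                open_label = None
            else:
                try:
                    base64.b64decode("".join(body), validate=True)
                except ValueError:
                    problems.append(f"line {n}: {label} body is not valid base64")
                labels.append(label)
                open_label = None
    if open_label:
        problems.append(f"unterminated {open_label} block")
    return labels, problems


if __name__ == "__main__":
    joined = pem_block("CERTIFICATE").rstrip("\n") + pem_block("RSA PRIVATE KEY")
    print(inspect_bundle(joined))
```

To check a real file, pass its contents to `inspect_bundle` and compare the returned label order with the order the client is documented to accept.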