Hello. By default we use our own rootca file embedded in linphone-sdk.
If you didn't modify it, there is a chance that Sectigo certs are not trusted by the root certificates we use, or that there is a configuration issue on the server side.
I updated the rootca 3 or 4 months ago, so this is not likely an update issue.
The quickest for you would be to pick a certificate from another provider, at least to test.
Regards,
Peio Rigaux
Junior DevOps Engineer
Belledonne Communications, the company behind Linphone
Linphone.org <https://linphone.org/>

On 09/09/2021 at 00:59, Trent Creekmore wrote:
FreePBX already sends the whole certificate chain. I have the latest Windows Phone client using it on another FreePBX system which gets updated certificates from Let's Encrypt every three months, and I have not had a single issue.

I also updated the client on Android to 4.5.2 from 4.5.1.

Not sure how to check the Android client to check "if the Sectigo RSA Domain Validation Secure Server CA is installed on the Android client."

I went ahead and connected by UDP for now, but would prefer to get TLS functioning.

Thanks.

On 9/8/21 11:13 AM, Dennis Filder wrote:

On Tue, Sep 07, 2021 at 04:22:18PM -0500, Trent Creekmore wrote:

Well, SSL is used for https. In FreePBX it has a Certificate manager which allows the use of certificates, not only for SSL in the PBX web interface, but also be used for TLS in SIP.

As I have mentioned when first set up this TLS connection some months ago, it was connecting. Certificate still valid. I did not mention I am using Android client. Here is more of the log (redacted a bit)

2021-09-07 14:06:08:999 [org.linphone/belle-sip] MESSAGE Trying to connect to [TLS://::ffff:2myIP Address:5061]
(...)
2021-09-07 14:06:09:181 [org.linphone/belle-sip] ERROR Cannot connect to [TLS://pbx.domain:5061]
2021-09-07 14:06:09:181 [org.linphone/belle-sip] MESSAGE channel[0x784aec40]: entering state ERROR

Nothing here clues me in further. I can just reiterate:

* Check if the Sectigo RSA Domain Validation Secure Server CA is installed on the Android client and that the fingerprints are identical.
* Try if you can configure FreePBX to send the entire certificate chain.
* Beyond that you will have to look at the wire and/or try your luck with s_client.

Regards.

_______________________________________________
Linphone-users mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/linphone-users
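The two failure causes discussed in this thread (the server not sending its intermediate, and the client's root bundle lacking the issuing root) can be reproduced offline with `openssl verify`. This is an added example, not part of the original messages or of linphone-sdk; the CA names, host name and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway root -> intermediate -> leaf chain built locally.
# "Demo Root", "Other Root" and pbx.example.test are made-up names.

new_csr() {  # new_csr <dir> <common-name> <file-stem>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
}

make_chain() {  # make_chain <dir>
  d=$1; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  # Root that the client bundle is supposed to contain.
  new_csr "$d" "Demo Root" root
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate CA: the certificate the server must send along with its own.
  new_csr "$d" "Demo Intermediate" inter
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" 2>/dev/null
  # Server (leaf) certificate issued by the intermediate.
  new_csr "$d" "pbx.example.test" leaf
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  # Unrelated root: stands in for a client bundle that lacks the server's CA.
  new_csr "$d" "Other Root" other
  openssl x509 -req -in "$d/other.csr" -signkey "$d/other.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/other.pem" 2>/dev/null
}

# chain_ok <client-root-bundle> <leaf> [intermediates-sent-by-server]
# Exit status 0 only if the leaf chains up to a root in the bundle.
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Demo run over the constructed chain.
w=$(mktemp -d) && make_chain "$w"
chain_ok "$w/root.pem" "$w/leaf.pem" "$w/inter.pem" && echo "full chain, root in bundle: OK"
chain_ok "$w/root.pem" "$w/leaf.pem" || echo "intermediate not sent: FAIL"
chain_ok "$w/other.pem" "$w/leaf.pem" "$w/inter.pem" || echo "root missing from bundle: FAIL"
rm -rf "$w"
```

For the real server, the inputs to `chain_ok` would be the certificates printed by `openssl s_client -connect pbx.domain:5061 -showcerts` and the root CA file the client actually uses.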
