Re: [asterisk-users] TLS Manager
Thank you although that seems a bit strange. Does one simply concatenate them together or is it really looking for a PKCS#12 file? Thanks - John On Sun, 2009-07-26 at 10:03 -0700, Eric Chamberlain wrote: The pem file should contain both the private key and the certificate. On Jul 24, 2009, at 4:08 PM, John A. Sullivan III wrote: Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. ; sslcipher=cipher string It errors as I expect it would: pbx*CLI manager reload == Parsing '/etc/asterisk/manager.conf': == Found SSL cert error /etc/pki/tls/certs/pbxc.pem How does one specify the private key for the manager.conf file? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] TLS Manager
After some testing and false starts, it looks like PKCS#12 does not work but simple concatenation does. Thanks - John On Mon, 2009-07-27 at 06:38 -0400, John A. Sullivan III wrote: Thank you although that seems a bit strange. Does one simply concatenate them together or is it really looking for a PKCS#12 file? Thanks - John On Sun, 2009-07-26 at 10:03 -0700, Eric Chamberlain wrote: The pem file should contain both the private key and the certificate. On Jul 24, 2009, at 4:08 PM, John A. Sullivan III wrote: Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. ; sslcipher=cipher string It errors as I expect it would: pbx*CLI manager reload == Parsing '/etc/asterisk/manager.conf': == Found SSL cert error /etc/pki/tls/certs/pbxc.pem How does one specify the private key for the manager.conf file? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] TLS Manager
The pem file should contain both the private key and the certificate. On Jul 24, 2009, at 4:08 PM, John A. Sullivan III wrote: Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. ; sslcipher=cipher string It errors as I expect it would: pbx*CLI manager reload == Parsing '/etc/asterisk/manager.conf': == Found SSL cert error /etc/pki/tls/certs/pbxc.pem How does one specify the private key for the manager.conf file? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] TLS Manager
On 25/07/09 00:08, John A. Sullivan III wrote: Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. ; sslcipher=cipher string It errors as I expect it would: pbx*CLI manager reload == Parsing '/etc/asterisk/manager.conf': == Found SSL cert error/etc/pki/tls/certs/pbxc.pem How does one specify the private key for the manager.conf file? Thanks - John Not quite the same thing I know, but it might help. I use stunnel for the AMI so the connection is transported in a SHH tunnel. It's quite easy to setup. Alan ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users