Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-02-01 Thread Ruisheng Peng
Thanks Sean for the note. It does look like SELinux might have a hand in the pot. I did try with SELinux permission set to permissive and it made no difference though. Keeping configuration related stuff under /etc/asterisk seems to help. --Ruisheng On Mon, Feb 1, 2021 at 8:09 AM Sean Bright

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-02-01 Thread Ruisheng Peng
Michael, There weren't any open or openat actions on the cert files (located under /home/asterisk/certs). The same is true for cert files located under /etc/asterisk/keys: 24138 stat("/etc/asterisk/keys/fullchain.pem", {st_mode=S_IFREG|0640, st_size=34 44, ...}) = 0 24138 geteuid()

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-02-01 Thread Sean Bright
Hi, On 1/26/2021 3:12 PM, Ruisheng Peng wrote: Transport: transport-tls: cert_file /home/asterisk/certs/asterisk.crt is either missing or not readable This error means that the file either does not exist or that Asterisk is not able to open it for reading. In your case it looks like the file

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-30 Thread Michael Maier
On 29.01.21 at 22:33 Ruisheng Peng wrote: Thanks for the detailed explanation Michael. I stop the current asterisk process (started by systemd), and restart it as asterisk: [asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf from the

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-29 Thread Ruisheng Peng
beating around bushes, and finally seem to stomp on something that worked! Simply move the cert file locations from /home/asterisk/certs to /etc/asterisk/keys [root@voip1 asterisk]# ls -l keys total 36 -rw-r-. 1 asterisk asterisk 1212 Jan 29 14:18 asterisk.crt -rw-r-. 1 asterisk

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-29 Thread Ruisheng Peng
Thanks for the detailed explanation Michael. I stop the current asterisk process (started by systemd), and restart it as asterisk: [asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf from the log there was no attempt to even open the

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-29 Thread Ruisheng Peng
Thanks Stefan for the pointer. There isn't a /etc/ssl/openssl.cnf on the CentOS7 box. There is a /etc/pki/tls/openssl.cnf, but there's no MinProtocol or CipherString defined there. I installed certbot (for Letsencrypt auto renewal) thru snap. The openssl.cnf that comes with snap (under

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-29 Thread Stefan Tichy
On Tue, Jan 26, 2021 at 10:12:22AM -1000, Ruisheng Peng wrote: > The self-sign asterisk.crt: I saved that file in "x.crt". openssl x509 -in x.crt -noout -text RSA Public-Key: (1024 bit) > and Letsencrypt cert.pem: I saved that file in "y.crt". openssl x509 -in y.crt -noout

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-29 Thread Michael Maier
On 29.01.21 at 06:41 Michael Maier wrote: On 27.01.21 at 22:57 Ruisheng Peng wrote: Thanks Michael for the suggestion!  I've installed strace and assigned one of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as user asterisk): [asterisk@voip1 ~]$ strace asterisk -rx

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-29 Thread Michael Maier
On 27.01.21 at 22:57 Ruisheng Peng wrote: Thanks Michael for the suggestion! I've installed strace and assigned one of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as user asterisk): [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so" You should use

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-28 Thread Ruisheng Peng
Thanks Michael for the suggestion! I've installed strace and assigned one of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as user asterisk): [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so" execve("/usr/sbin/asterisk", ["asterisk", "-rx", "module reload

Re: [asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-27 Thread Michael Maier
On 26.01.21 at 21:12 Ruisheng Peng wrote: > Hi, > > I'm experimenting with Asterisk-16.14.0 on a CentOS7 box, and ran into > problems loading the SSL certificate to establish transport-tls. Tried > self-signed certificate generated with ast_tls_cert under contrib/scripts > and the one issued

[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error

2021-01-26 Thread Ruisheng Peng
Hi, I'm experimenting with Asterisk-16.14.0 on a CentOS7 box, and ran into problems loading the SSL certificate to establish transport-tls. Tried self-signed certificate generated with ast_tls_cert under contrib/scripts and the one issued by Letsencrypt, both would bomb out with a parsing