Secure SIP TLS on Android/IOS 3CX Clients with Custom Domain Not Working

Status
Not open for further replies.

Periklis

Hi,

Is secure SIP (TLS) supported on Android/iOS 3CX clients when using a non-3CX domain name with our own SSL? Currently the PBX is hosted on the cloud, on a custom subdomain of ours, non-3CX. We purchased and used our own trusted wildcard SSL, and there are no certificate errors or warnings when accessing the PBX management console from a browser; the certificate shows valid.

All extensions are remote, pointing to the PBX FQDN, and the IP of the PBX is static. Our hardware IP phones can register, and do operate with secure SIP and SRTP, both forced; the 3CX soft phones, on the other hand, fail to register when TLS is enabled (error: register failed, service unavailable); they only register when TCP or UDP is used; there is no support for secure SIP.

All ports on the firewalls are configured properly, and the exact same setup was tested with a 3CX subdomain (backup and restore without FQDN), and everything worked as expected; all 3CX SIP phones, Android and iOS, were able to get registered and operate with secure SIP and SRTP.

Any input will be greatly appreciated.

Thanks!
 
@edossantos,

You provided valuable input in the past, can you review this thread?

Thanks!
 
Similar issue I am experiencing too. I have shared logs and detailed info here:
https://www.3cx.com/community/threads/3cx-android-client-secure-sip-tls.60507/

Windows 3CX soft client works fine.
On Android I have issues.
I do not have iOS to test.

Help greatly welcome.

Based on my logs, it is a bug in the app, which gives up and says SSL certificate verification failed.
I use an FQDN cert, no wildcard.
Please check my post.
 
Thanks for the input @mobilowa,

Indeed this works fine on Windows, I just tested it. I opened up a support ticket with 3CX; I will share any findings.
 
Many thanks...
Kindly share with me what the 3CX Support team says.
Any workaround, or this will be fixed in the next app version release?

I believe it is a bug in the app on Android and iOS. The app failed to verify a custom FQDN certificate issued by a commercial CA, with error code "PJSIP_TLS_ECERTVERIF".
Subsequently the 3CX Android app fails to send the SIP REGISTER message to the server over TLS.
 
@mobilowa

I am quoting below the response of 3CX support

"I'm afraid for SIP TLS you will need a certificate specific to your FQDN, no wildcard certificates are accepted as a general rule. As per RFC 5922 (https://tools.ietf.org/html/rfc5922) it is said "this document prohibits such wildcards in certificates for SIP domains.""

I did try using wildcard SSLs, multi-domain SSLs, and also a standalone SSL, both with www and without www; they all failed, the soft phones were unable to register with secure SIP and SRTP. I will work on a non-production machine with a custom domain and a PRO license; if there are any further findings, I will post. Feel free to add any of your findings.

Thanks
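
The wildcard rule that 3CX support cites from RFC 5922, shown next to browser-style matching, as an added example (not part of the thread and not 3CX or PJSIP code). The host names and certificate contents are constructed, the dicts mimic the shape returned by Python's `ssl.getpeercert()`, and the optional CN fallback is left out.

```python
# Added example: RFC 5922 SIP domain identity matching vs. browser-style matching.
# All names below are constructed for illustration.

def sip_domain_identities(cert):
    """Collect SIP domain identities from a dict shaped like ssl.getpeercert()."""
    san = cert.get("subjectAltName", ())
    uri_ids = []
    for kind, value in san:
        if kind != "URI":
            continue
        scheme, _, rest = value.partition(":")
        # Only sip: URIs without a user part identify a SIP domain.
        if scheme.lower() == "sip" and "@" not in rest:
            uri_ids.append(rest.split(";")[0].split(":")[0].lower())
    if uri_ids:
        return uri_ids  # DNS entries count only when no SIP URI identity exists
    return [value.lower() for kind, value in san if kind == "DNS"]

def rfc5922_match(cert, sip_domain):
    """Whole-name, case-insensitive comparison; '*' is never expanded."""
    return sip_domain.lower() in sip_domain_identities(cert)

def browser_style_match(cert, host):
    """HTTPS-style check: '*.' may stand for exactly one leftmost label."""
    host = host.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

# Constructed certificates: a wildcard one and one issued for the exact FQDN.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
FQDN_CERT = {"subjectAltName": (("DNS", "pbx.example.com"),)}
PBX = "pbx.example.com"  # constructed PBX FQDN

def compare(cert, host=PBX):
    """Return the verdict of both matching styles for one certificate."""
    return {"browser": browser_style_match(cert, host),
            "sip_rfc5922": rfc5922_match(cert, host)}

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("fqdn", FQDN_CERT)):
        print(label, compare(cert))
```

A wildcard certificate can therefore show as valid in the browser for the management console while a strict RFC 5922 comparison rejects it for the same host name.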
 