Secure SIP/TLS interface

Discussion in '3CX Phone System - General' started by klm, Nov 29, 2016.

Thread Status:
Not open for further replies.
  1. klm

    klm

    Joined:
    Nov 29, 2016
    Messages:
    20
    Likes Received:
    2
    Hello,

    I test 3CX solution and I want to enable SIP TLS to secure connection between SIP software and 3CX server.

    I generate a private certificate for the local interface but i don't know how can i generate the same certificate for public interface to secure the remote session.

    I tried to generate a SAN certificate with the two IPs (local and public) and add a vritual IP to my debian but my problem is not resolved.

    In fact when i try to make a remote session with the public IP the certificate shown is the local certificate with the IP lan but the SIP software asks a certificate with the public IP and cuts the session.

    LOGS :

    [29.11.2016 10:57:09.969][12] 10:57:09.969 pjsua_acc.c .Acc 2: Registration sent
    [29.11.2016 10:57:09.969][12] pjsua_acc_set_registration returned 0
    [29.11.2016 10:57:09.988][1] Line unregistered with code 0
    [29.11.2016 10:57:11.200][12] 10:57:11.200 pjsua_acc.c Disconnected notification for transport tlsc0CEFCF04
    [29.11.2016 10:57:11.201][12] 10:57:11.201 tlsc0CEFCF04 TLS connect() error: SSL certificate verification error (PJSIP_TLS_ECERTVERIF)
    Code:
    [29.11.2016 10:57:11.201][12] 10:57:11.201    tsx06A5AE14  Failed to send Request msg REGISTER/cseq=32835 (tdta08BF40A0)! err=171173 (SSL certificate verification error (PJSIP_TLS_ECERTVERIF))
    [29.11.2016 10:57:11.201][12] 10:57:11.201    pjsua_acc.c  ..SIP registration failed, status=503 (SSL certificate verification error (PJSIP_TLS_ECERTVERIF))
    [29.11.2016 10:57:11.201][12] 10:57:11.201 PjsuaCallbacks  ..******* ON_REG_STATE2 ********* acc_id 2, status 0, code 503, expiration -1
    [29.11.2016 10:57:11.201][12] 10:57:11.201      PjsipLine  ..******* ON_REG_STATE2  10
    [29.11.2016 10:57:11.202][12] 10:57:11.202   tlsc0CEFCF04  TLS transport destroyed with reason 171173: SSL certificate verification error (PJSIP_TLS_ECERTVERIF)
    
    I sought informations across the blog, forum... but i found nothing...
    
    Can you help me ?
    
    Best Regards,
    
    Klm
     
  2. klm

    klm

    Joined:
    Nov 29, 2016
    Messages:
    20
    Likes Received:
    2
    Problem resolved !

    In fact you must generate a private certificate with you public IP for me my public FQDN and change the configuration deployed in your software : LOCAL IPBX with your FQDN the same of External IPBX.

    I search how to change this information (LOCAL IPBX) when the config file is sent by email...
     
Thread Status:
Not open for further replies.