Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Secure SIP/TLS interface

Discussion in '3CX Phone System - General' started by klm, Nov 29, 2016.

Thread Status:
Not open for further replies.
  1. klm

    klm

    Joined:
    Nov 29, 2016
    Messages:
    20
    Likes Received:
    2
    Hello,

    I test 3CX solution and I want to enable SIP TLS to secure connection between SIP software and 3CX server.

    I generate a private certificate for the local interface but i don't know how can i generate the same certificate for public interface to secure the remote session.

    I tried to generate a SAN certificate with the two IPs (local and public) and add a vritual IP to my debian but my problem is not resolved.

    In fact when i try to make a remote session with the public IP the certificate shown is the local certificate with the IP lan but the SIP software asks a certificate with the public IP and cuts the session.

    LOGS :

    [29.11.2016 10:57:09.969][12] 10:57:09.969 pjsua_acc.c .Acc 2: Registration sent
    [29.11.2016 10:57:09.969][12] pjsua_acc_set_registration returned 0
    [29.11.2016 10:57:09.988][1] Line unregistered with code 0
    [29.11.2016 10:57:11.200][12] 10:57:11.200 pjsua_acc.c Disconnected notification for transport tlsc0CEFCF04
    [29.11.2016 10:57:11.201][12] 10:57:11.201 tlsc0CEFCF04 TLS connect() error: SSL certificate verification error (PJSIP_TLS_ECERTVERIF)
    Code:
    [29.11.2016 10:57:11.201][12] 10:57:11.201    tsx06A5AE14  Failed to send Request msg REGISTER/cseq=32835 (tdta08BF40A0)! err=171173 (SSL certificate verification error (PJSIP_TLS_ECERTVERIF))
    [29.11.2016 10:57:11.201][12] 10:57:11.201    pjsua_acc.c  ..SIP registration failed, status=503 (SSL certificate verification error (PJSIP_TLS_ECERTVERIF))
    [29.11.2016 10:57:11.201][12] 10:57:11.201 PjsuaCallbacks  ..******* ON_REG_STATE2 ********* acc_id 2, status 0, code 503, expiration -1
    [29.11.2016 10:57:11.201][12] 10:57:11.201      PjsipLine  ..******* ON_REG_STATE2  10
    [29.11.2016 10:57:11.202][12] 10:57:11.202   tlsc0CEFCF04  TLS transport destroyed with reason 171173: SSL certificate verification error (PJSIP_TLS_ECERTVERIF)
    
    I sought informations across the blog, forum... but i found nothing...
    
    Can you help me ?
    
    Best Regards,
    
    Klm
     
  2. klm

    klm

    Joined:
    Nov 29, 2016
    Messages:
    20
    Likes Received:
    2
    Problem resolved !

    In fact you must generate a private certificate with you public IP for me my public FQDN and change the configuration deployed in your software : LOCAL IPBX with your FQDN the same of External IPBX.

    I search how to change this information (LOCAL IPBX) when the config file is sent by email...
     
Thread Status:
Not open for further replies.