SSL working settings

Added by David Reedy almost 4 years ago

Hello everyone,

I have been fighting with GOautodial SSL for the past week. Today I finally have a working model and wanted to share with everyone what settings worked for me.

This server is behind a NAT.

/etc/kamailio/kamailio.cfg

MY_IP_ADDR!"internal IP address"!g ---exclude ""
MY_DOMAIN!"external dns that is linked to external IP address"!g ---exclude ""

alias="internal IP address"
alias="External DNS"

listen=udp:"Internal IP address":5060 ---exclude ""
listen=udp:127.0.0.1:5060

modparam("rtpengine", "rtpengine_sock", "udp:"Internal IP address":5066") ---exclude ""

/etc/kamailio/tls.cfg
[server:default]
method = TLSv1
private_key = /etc/letsencrypt/live/DNS/privkey.pem
certificate = /etc/letsencrypt/live/DNS/cert.pem

#private_key = /etc/pki/tls/private/localhost.key --- make sure to mark off these 2 items so that the system doesn't use them.
#certificate = /etc/pki/tls/certs/localhost.crt

/etc/rtpengine/rtpengine.conf

interface = internal IP address

listen-ng = "Internal IP address":5066 --- except ""

/etc/asterisk/sip-goautodial.cfg

host=+localhost+ ;change me to my FQDN
--- The host is for the registration of the phone to the Asterisk. Without this you will get a 407 proxy error. My setup is behind a firewall and NAT'd.

Make sure if you are using a CERT that the

vi /var/www/html/php/goCRMAPISettings.php

matches the CERT name.

I think that does it for all the CLI settings that I had to change.

This next stage is on the admin web section of the GOautodial.

Administration-->GoWebRTC Dialer Settings

WebRTC Websocket HOST/IP

External DNS -- make sure that if you are using a certificate that the host name of the cert is what is used here. Without the DNS you will get that nasty ERR_CERT

WebRTC SIP Host/IP

Internal IP address

Kamailio Domain

Internal IP address

After all the settings have been changed I find that a system reboot is needed. Once the system is back up, check asterisk -vvvr
and see if "sip show peers" has kamailio registered.

kamailio 127.0.0.1 Yes Yes 5060 OK (1 ms)

Make a test call and see how it goes. Good luck.

I am pretty new to this forum so I hope this helps. If I have something incorrect let me know.
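
An added example, not part of the original post or of GOautodial's own code: a small Python lint for the tls.cfg profile shown above that flags a pinned pre-TLS 1.2 `method`, the default localhost key pair left active, and a Let's Encrypt directory name that differs from the WebRTC WebSocket host. `pbx.example.com` is a constructed stand-in for the post's `DNS` placeholder, and the directory-name comparison is a heuristic that assumes certbot's default naming of `/etc/letsencrypt/live/<name>/`.

```python
import re

# Constructed sample mirroring the tls.cfg in the post; "pbx.example.com"
# is a made-up hostname standing in for the post's "DNS" placeholder.
SAMPLE_TLS_CFG = """\
[server:default]
method = TLSv1
private_key = /etc/letsencrypt/live/pbx.example.com/privkey.pem
certificate = /etc/letsencrypt/live/pbx.example.com/cert.pem
#private_key = /etc/pki/tls/private/localhost.key
#certificate = /etc/pki/tls/certs/localhost.crt
"""

# Method values that pin the profile to a protocol older than TLS 1.2.
LEGACY_METHODS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_tls_cfg(text):
    """Return {section: {key: value}}; blank and '#' comment lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def lint_server_profile(text, websocket_host, section="server:default"):
    """Return a list of findings for one profile of a Kamailio tls.cfg."""
    profile = parse_tls_cfg(text).get(section)
    if profile is None:
        return [f"no [{section}] profile found"]
    findings = []
    if profile.get("method") in LEGACY_METHODS:
        findings.append(f"method = {profile['method']} pins a pre-TLS 1.2 protocol")
    cert = profile.get("certificate", "")
    for name in ("certificate", "private_key"):
        if profile.get(name, "").startswith("/etc/pki/tls/"):
            findings.append(f"{name} still points at the default localhost pair")
    m = re.search(r"/letsencrypt/live/([^/]+)/", cert)
    if m and m.group(1).lower() != websocket_host.lower():
        findings.append(f"cert directory {m.group(1)} != WebSocket host {websocket_host}")
    if cert.endswith("/cert.pem"):
        findings.append("cert.pem holds the leaf only; fullchain.pem adds the intermediate")
    return findings
```

Pass the value entered under "WebRTC Websocket HOST/IP" as `websocket_host`; an empty list means none of these checks fired, not that the handshake will succeed.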


Replies (5)

RE: SSL working settings - Added by Wittie Manansala almost 4 years ago

Hi David,

Thank you for sharing.

RE: SSL working settings - Added by Alfred Vilsmeier almost 4 years ago

Hi David, would you mind sharing your kamailio.cfg, tls.cfg and the rest of settings you needed to tweak to work behind NAT with TLS? I tried following your suggestions but was unable to get it to work.
I do have a valid SSL cert, no permissions issue or anything, if you could share that that would be AWESOME, either here, through pastebin or I'll share my email address if you prefer that,
Thank you!

RE: SSL working settings - Added by David Reedy over 3 years ago

Sorry for the last reply.

The system doesn't seem to be informing me about new posts. Have you had any success in getting your installation to run?

RE: SSL working settings - Added by David Reedy over 3 years ago

I spun up the goautodial again and had to troubleshoot it a bit. I found another post that helped fix the issue I was having with SSL. Here is the link.

https://goautodial.org/boards/3/topics/19242

RE: SSL working settings - Added by David Reedy over 3 years ago

Thanks, I am glad to hear that you were able to resolve your issue. I ran into an issue again later on when I revisited goautodial and came across that post also. It worked immediately. I tried to update the post here but it would error out on me, but it seems to be fixed.
