
TLS


jartiili


I try to make a TLS session with the Eyebeam softphone, but the pbxnsip server (WIN XP version) disconnects the handshake after the client key exchange packet. It sends the server certificate correctly.

I installed the server certificate and private key in PEM format.

The server-side log does not have any errors, only a "SIP port accept from <IP address>" message.

Any idea what goes wrong?


The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by going to the PBX web interface with the Internet Explorer and seeing if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam.


The problem seems to be the PBX; it sends an alert and disconnects when the client sends the key exchange packet.

The PBX certificate seems to be OK; the server hello has the correct certificate included and the client accepts it.


  • 6 months later...

How do you add the root certificates for pbxnsip? IE complained about certificate being not valid and when I look at the certificate details in the General tab, the validation date shows "Valid from 7/1/2005 to 7/1/2006". How can I extend this validation period for the certificate?

---- Certificate window General Tab ---

Certificate Information

This certificate cannot be verified up to a trusted certification authority.

Issued to: localhost

Issued by: Product Development

Valid from 7/1/2005 to 7/1/2006

---- END ----

PBXnSIP is set to propose secure connection. SNOM 360s work just fine. eyeBeam version 1.5.19.2 Build 49847 can register, make calls but can't receive calls. SIP log has the following output;

 

"SIP/2.0 415 No secure channel available for encrypted call"

 

Do you think it is the certificate? If so, how can I extend the validation period?

 

Thanks,


OK, I've found this

 

http://wiki.pbxnsip.com/index.php/Getting_...lid_Certificate

 

but I don't think this would help, right?

 

Well, counterpath is strict with the certificates. As a rule of thumb, your Web browser must be able to go to the web server of the PBX (using https), without complaining. You can do that by importing e.g. the cacert.org root certificate into the Internet Explorer. I did that some time ago and then the counterpath softphone worked fine.


Thanks for your reply. I've solved the problem but forgot to write it here. The previous posts and the wiki link definitely helped.

 

I've followed a similar way as you've suggested; instead of the cacert.org root certificate, I've created a personal/test CA cert using OpenSSL and copied the Certificate and RSA key to the PBXnSIP page. After that I had to add the CA cert to my "Trusted Root Certification Authorities" via IE.

 

This was just a test to get eyeBeam working with TLS/SRTP. Our client has agreed to get a signed CA Cert from a Certificate Authority (Verisign, Thawte etc).

 

Thanks again for your help.

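The test-CA setup described in the post above, followed by the three checks that make a browser complain about a certificate (expired validity period, untrusted issuer, host name mismatch), as an added example that is not part of the original thread. The host name `pbx.example.test`, the CA name and all file names are assumptions.

```shell
#!/bin/sh
# Added example. Host name, CA name and file names are assumptions.

make_test_pki() {   # $1 = output directory, $2 = host name clients connect to
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. Self-signed test CA: ca.pem is what clients import as a trusted root.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. Server key and signing request, named after the host.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the request; server.pem and server.key go on the PBX.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$dir/san.ext" \
        -out "$dir/server.pem" 2>/dev/null
}

check_server_cert() {   # $1 = trusted CA file, $2 = server cert, $3 = host name
    # Prints the first failing check, or "ok" when all three pass.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 || { echo expired; return 1; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo untrusted; return 1; }
    openssl x509 -in "$2" -noout -checkhost "$3" 2>/dev/null | grep -q 'does match' ||
        { echo name-mismatch; return 1; }
    echo ok
}

# Demo: build the files in a scratch directory and run the checks on them.
work=$(mktemp -d) && make_test_pki "$work" pbx.example.test &&
    check_server_cert "$work/ca.pem" "$work/server.pem" pbx.example.test
```

Only `ca.pem` is distributed to clients; `ca.key` stays off the PBX and off the phones, since anyone holding it can issue certificates those clients will trust.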
