Jump to content

TLS


jartiili
 Share

Recommended Posts

I try to make TLS session whit Eyebeam softphone, but pbxnsip server (WIN XP version)

disconnect handshake after client key exchange packet. It send Server cerificate corretly

I install server ceritficate and private key whit PEM format.

Server side log do not have any errors only "SIP port accept from <IP address>" message.

Any idea what goes wrong?

Link to comment
Share on other sites

I try to make TLS session whit Eyebeam softphone, but pbxnsip server (WIN XP version)

disconnect handshake after client key exchange packet. It send Server cerificate corretly

I install server ceritficate and private key whit PEM format.

Server side log do not have any errors only "SIP port accept from <IP address>" message.

Any idea what goes wrong?

 

The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by doing to the PBX web interface with the Internet Explorer and see if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam.

Link to comment
Share on other sites

The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by doing to the PBX web interface with the Internet Explorer and see if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam.

 

 

Problem seem to be PBX, it send alert and disconnect when cliet send key exchage packet

pbx certificate seem to be ok, server hello have correct certificate included and client accep it.

Link to comment
Share on other sites

  • 6 months later...

How do you add the root certificates for pbxnsip? IE complained about certificate being not valid and when I look at the certificate details in the General tab, the validation date shows "Valid from 7/1/2005 to 7/1/2006". How can I extend this validation period for the certificate?

 

---- Certificate window General Tab ---

 

Certificate Information

This certificate cannot be verified up to a trusted certification authority.

 

Issued to: localhost

 

Issued by: Product Development

 

Valid from 7/1/2005 to 7/1/2006

 

---- END ----

 

PBXnSIP is set to propose secure connection. SNOM 360s work just fine. eyeBeam version 1.5.19.2 Build 49847 can register, make calls but can't receive calls. SIP log has the following output;

 

"SIP/2.0 415 No secure channel available for encrypted call"

 

Do you think it is the certificate? if so how can I extend the validation period?

 

Thanks,

 

 

The eyebeam is strict with the certificates. You can test if the eyebeam would accept it by doing to the PBX web interface with the Internet Explorer and see if it complains about certificates. You may have to import the root certificate into Explorer. If Explorer does not complain any more, then give it another try with eyebeam.
Link to comment
Share on other sites

OK, I've found this

 

http://wiki.pbxnsip.com/index.php/Getting_...lid_Certificate

 

but I don't think this would help, right?

 

Well, counterpath is strict with the certificates. As a rule of thumb, your Web browser must be able to go to the web server of the PBX (using https), without complaining. You can do that by importing e.g. the cacert.org root certificate into the Internet Explorer. I did that some time ago and then the counterpath softphone worked fine.

Link to comment
Share on other sites

Thanks for your reply. I've solved the problem but forgot to write it here. The previous posts and the wiki link definitely helped.

 

I've followed a similar way as you've suggested; instead of cacert.org root certificate, I've created a personal/test CA cert using the openSSL and copied the Certificate and RSA key to the PBXnSIP page. After that I had to add the CA cert to my "Trusted Root Certification Authorities" via IE.

 

This was just a test to get eyeBeam working with TLS/SRTP. Our client has agreed to get a signed CA Cert from a Certificate Authority (Verisign, Thawtee etc).

 

Thanks again for your help.

 

Well, counterpath is strict with the certificates. As a rule of thumb, your Web browser must be able to go to the web server of the PBX (using https), without complaining. You can do that by importing e.g. the cacert.org root certificate into the Internet Explorer. I did that some time ago and then the counterpath softphone worked fine.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...