Install Asterisk with TLS

Asterisk 1.6 (upper), and Opensips support TLS protocol. 

I used Asterisk 1.6.1.6 to support TLS calls.

This is install instruction.

 

1. Download Asterisk : Get the lastest version in www.asterisk.org .

2. Download Zaptel, Libpri and other libraries which used in Asterisk.  (configure;make;make install)

3. Unzip Asterisk install file get from www.astrisk.org  in /usr/src directory. (U can change the directory. but using this directory, is easy to handle.)

4. Compile Asterisk

./configure --with-ssl

make

make install

make samples

4. Confirm /etc/asterisk has been generated. now start to set the configure file. 

5. Set tls configuration and user configuration in /etc/asterisk/sip.conf file.

<sample>

tcpenable=yes

tcpbindaddr=0.0.0.0

tlsenable=yes

tlsbindaddr=0.0.0.0

 

tlscertfile=/tmp/asterisk/asterisk.pem

tlscafile=/tmp/asterisk/asterisk.pem

[100]
type=friend
username=100
;secret=100
canreinvite=no
host=dynamic
callerid=100
transport=tls,tcp
[101]
type=friend
username=101
;secret=101
canreinvite=no
host=dynamic
callerid=101
transport=tls,tcp

 

6. Set  /etc/asterisk/extensions.conf file to configure the calls.

<sample>

exten => 100,1,Dial(SIP/100,30,rt)
exten => 100,2,Congestion
exten => 100,3,Hangup

 

exten => 101,1,Dial(SIP/101,30,rt)
exten => 101,2,Congestion
exten => 101,3,Hangup

7. Execute safe_asterisk command. and test it. using the SIP phone.

Success!!

 

bonus - Get free certificate used in Asterisk

Useing openssl - refer this link;

http://panoptic.com/wiki/aolserver/How_to_generate_self-signed_SSL_certificates

 

1. Generate Key file

openssl genrsa -out key.pem 1024

2. Generate Cert file

openssl req -new -key key.pem -out request.pem
openssl x509 -req -days 365 -in request.pem -signkey key.pem -out certificate.pem

Modify like this; (in Asterisk, Cert file and Key file have to put together in one file.) 

cat key.pem > asterisk.pem
cat certificate.pem >> asterisk.pem