A wee Asterisk self-signed certificate sharing

ekim34351855

Ekim

Posted on June 4, 2021

A wee Asterisk self-signed certificate sharing

Weekly sharing

Hi everyone, I am Ekim, a fresh Bootcamp graduate and an IT helper (I don't dare to call myself a programmer yet). Every Friday, I will share some of the work that I've done over the last week in a bid to get feedbacks from you guys and record my journey to become a programmer.

Previously

Basic IVR with Asterisk

Introduction

Last week, I was doing something related to WebRTC, which was an amazing experience. However, there's one thing I got stuck for a pretty long time related to web socket. It turns out I had to manually permit access for different ports I used even though I had created a self-signed certificate. Today, I would like to share how to create a self-signed certificate on Asterisk and import that into your browser.

Create your self-signed certificate

  • It is not difficult to create a self-signed certificate.
cd /asterisk-18.3.0/contrib/scripts         # go to /contrib/script

# -C = DNS name or our IP address, -O = organizational name, -d = output directory of the keys
# use the same pass phrase you want for the whole registration
sudo ./ast_tls_cert -C <server-ip> -O "<organizational name>" -d /etc/asterisk/keys

# check if the 'keys' file exists
ls -w 1 /etc/asterisk/keys

sudo service asterisk restart
Enter fullscreen mode Exit fullscreen mode

Import your certificate to let waive manual permission access

  • Now, we are going to import our ca.crt into our browser. I will use Firefox and Chrome as examples.
  • You may wonder why you need to import the certificate. The reason is that once you import your certificate, you don't need to permit access for browser to go to your web every time.
  • More importantly, when you play around with WebRTC, you need to enable the web socket every time if you don't do so, which is absolutely annoying.

Firefox browser set-up

If you are using Firefox browser, please:

  • Go to "Options"

microsip-set-up

  • Select "Privacy & Security"

microsip-set-up

  • Scroll to the bottom of the page under "Security" and "Certificates"

  • Select "View Certificates"

microsip-set-up

  • Make sure "Authorities is selected"

microsip-set-up

  • Import "ca.crt", the self-signed certificate we have just created, which is located at /etc/asterisk/keys

  • Check "Trust this CA to identify websites" and "Trust this CA to identify email users"

microsip-set-up

  • Then click "ok"

Conclusion

If you also face the web socket granting permission problem like I did, I hope you would find this article helpful to you. Or if you are interested in WebRTC, please check out this guide: https://github.com/paneru-rajan/asterisk-jssip. A big shoutout to paneru-rajan who provides the WebRTC set-up guide. In the meantime, please take care and stay healthy, and I will see you next week.

💖 💪 🙅 🚩
ekim34351855
Ekim

Posted on June 4, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related