Hi, i am trying to set up a TLS/SRTP as a learning exercise and i have run out of ideas on how to make it work. Can anyone direct me to video or article that can help me or simly provide some guidence?
Set-up:
IP office demo server edition R12.1
Avaya J139 fw 4.1.9.0.8
Trying to use the default Avaya certificate to set TLS and srtp between the phone and PBX which are in the same network segment.
Certificate is valid and i had set up a 46xxspecials.txt to provision the phone and download the certificate from the PBX. this all works.
The issue is when i try to log in with the phone it gets stuck in acquiring service state. If i switch from TLS to TCP it works fine.
Following is the error from the log:
I tried to include the following commands in the specials, over the last few days trying to troubleshoot based on info i found online, but nothing seems to help.
I would appreciate any suggestions. Thank you
Set-up:
IP office demo server edition R12.1
Avaya J139 fw 4.1.9.0.8
Trying to use the default Avaya certificate to set TLS and srtp between the phone and PBX which are in the same network segment.
Certificate is valid and i had set up a 46xxspecials.txt to provision the phone and download the certificate from the PBX. this all works.
The issue is when i try to log in with the phone it gets stuck in acquiring service state. If i switch from TLS to TCP it works fine.
Following is the error from the log:
- CTLSSocket::NonBlockingSSLConnect(): SSL failed to connect[-1]
- CTLSSocket::SslSelectErrorHandle(): TLS connection failed. TLS SSL_connect error: 1, openssl error: (null)
- CTLSSocket::FinishConnect(): TLS connection failed.
- Utils::CPAssert(): ASSERT Error 39 - Invalid socket [More details] Invalid socket
- CTLSHandshakeHandler::RunMethod(): FinishConnect failed. this=0xb6702468, remote IP:Port 192.168.60.101:5061
- CControllerSearchState::OnActivationTimeout(): CONTROLLER_SEARCH: Enter Acquiring Services mode
- CRegistrationStateModelController::SetRegState(): VerifyingCredentials -> LoggedIn
I tried to include the following commands in the specials, over the last few days trying to troubleshoot based on info i found online, but nothing seems to help.
- SET ENABLE_IPOFFICE 2
- SET MEDIA_ENCRYPTION_ORDER "aes-128,null"
- SET OCSP_ENABLED 0
- SET TLS_POLICY 0
- SET CERT_VERIFICATION_CRITERIA 0
- SET SIP_CONTROLLER_LIST 192.168.60.101:5061;transport=tls
- SET ENCRYPT_SRTCP 1
- SET MEDIAENCRYPTION 1
- SET TRUSTCERTS WebRootCA.pem
- SET TLSSRVRID 0
- SET TLS_VERSION 1.2
- SET CIPHERS "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4:!TLS13"
- SET MSS 1300
- SET TLS_1_3_ENABLED 0
- Level: Fatal (2)
- Description: Unknown CA (48)
-
I would appreciate any suggestions. Thank you
.
Comment