This article is meant to assist you in connecting Snom devices with VoipNow using TLS protocol.
Requirements
Before you start, make sure you have the following:
- The latest VoipNow version (3.0.0 or newer)
- At least a Snom 320 phone 320 phone device
Step-by-step guide
Set Up the Server
On the VoipNow server or on the SIP node (if you have a distributed system) do the followingOn the VoipNow server or on the SIP node (if you have a distributed system) do the following:
STEP 1: Open Open /etc/kamailio/kamailio.cfg
STEP 2: Check the value of the verifythe verify_certificate parameter certificate parameter for the the TLS module module:
Code Block |
---|
# Check an user certificate to be correctly signed by a trusted CA modparam("tls", "verify_certificate", 0) |
If it's set to 0, it means Kamailio will not verify the certificate with a CA. If this is what you want, you can start If it's set to 0, it means Kamailio will not verify the certificate with a CA. If this is what you want, you can start setting up the phone. Otherwise, continue with the next stepOtherwise, continue with the next step
STEP 3: Under the line below:
...
Code Block |
---|
tls_ca_list="/etc/kamailio/tls/user/user-calist.pem" |
STEP 4: Open Open /etc/kamailio/tls/user/user-calist.pem
STEP 5: Append the list of snom CAs that you can find find here.
STEP 6: Restart Kamailio by running:
Code Block |
---|
/etc/init.d/kamailio restart |
At this point, the server setup is complete.
Set
...
up the
...
phone
STEP 1: In In the web interface of your Snom phone device, add new details related to your account (user, password, proxy, etc) as indicated below:
- Go to a free Identity (e.g. Identity 3)
- Activate it (select select on next to next to Identity active)
- Write the name of the extension you are using in the the Account field field (e.g. 0003*003)
- Write the password
- In the registrar and the outbound proxy fields, write the Kamailio server address as described server address as described here
Code Block |
---|
<ip_address|hostname>:<tls_port>;transport=tls #example: 192.168.1.10:5061;transport=tls |
STEP 2: The Snom phone device needs to accept the 4psa certificate used by Kamailio. For this, go to to Setup -> Certificates.
- In the the Unknown Certificates tab tab, there is a list of all certificates unknown by the Snom phone
- Click the the Add exception link link next to the one supplied by the Kamailio server
...
Code Block |
---|
TLS: Warning: Certificate with subject Country: US; State: Florida; Locality ; Organization: 4PSA; Common Name: ; eMail: has expired according to the local time of the phone. TLS: Warning: Certificate clash. Certificate with subject Country: US; State: Florida; Locality ; Organization: 4PSA; Common Name: ; eMail: is not trusted.Different server certificate with same subject exists on the phone. TLS: Refusing TLS connection. Invalid or unknown Certificate received |
Related
...
articles
Content by Label | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.