4PSA Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Wikid

Saved on

compared with

New Version Current

changes.mady.by.user Wikid

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated using 4PSA automated script

This article is meant to assist you in connecting Snom devices with VoipNow using TLS protocol.

Requirements

Before you start, make sure you have the following:

  • The latest VoipNow version (3.0.0 or newer)
  • At least a Snom 320 phone 320 phone device

Step-by-step guide

Set Up the Server

On the VoipNow server or on the SIP node (if you have a distributed system) do the followingOn the VoipNow server or on the SIP node (if you have a distributed system) do the following:

STEP 1:  Open Open /etc/kamailio/kamailio.cfg

STEP 2:  Check the value of the verifythe verify_certificate parameter certificate parameter for the the TLS module module:

Code Block
# Check an user certificate to be correctly signed by a trusted CA 
modparam("tls", "verify_certificate", 0)

If it's set to 0, it means Kamailio will not verify the certificate with a CA. If this is what you want, you can start If it's set to 0, it means Kamailio will not verify the certificate with a CA. If this is what you want, you can start setting up the phone.  Otherwise, continue with the next stepOtherwise, continue with the next step 

STEP 3: Under the line below:

...

Code Block
tls_ca_list="/etc/kamailio/tls/user/user-calist.pem"

STEP 4: Open Open /etc/kamailio/tls/user/user-calist.pem

STEP 5: Append the list of snom CAs that you can find find here.

STEP 6: Restart Kamailio by running: 

Code Block
/etc/init.d/kamailio restart

At this point, the server setup is complete.

Set

...

up the

...

phone

STEP 1: In In the web interface of your Snom phone device, add new details related to your account (user, password, proxy, etc) as indicated below:

  • Go to a free Identity (e.g. Identity 3)
  • Activate it (select select on next to  next to Identity active)
  • Write the name of the extension you are using in the the Account field field (e.g. 0003*003)
  • Write the password
  • In the registrar and the outbound proxy fields, write the Kamailio server address as described server address as described here
Code Block
<ip_address|hostname>:<tls_port>;transport=tls
#example:
192.168.1.10:5061;transport=tls

STEP 2:  The Snom phone device needs to accept the 4psa certificate used by Kamailio. For this, go to to Setup -> Certificates.

  • In the the Unknown Certificates tab tab, there is a list of all certificates unknown by the Snom phone
  • Click the the Add exception link link next to the one supplied by the Kamailio server

...

Code Block
TLS: Warning: Certificate with subject Country: US; State: Florida; Locality ; Organization: 4PSA; Common Name: ; eMail:   has expired according to the local time of the phone.
TLS: Warning: Certificate clash. Certificate with subject Country: US; State: Florida; Locality ; Organization: 4PSA; Common Name: ; eMail:   is not trusted.Different server certificate with same subject exists on the phone.
TLS: Refusing TLS connection. Invalid or unknown Certificate received

...

Content by Label
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
showSpacefalse
reversetrue
typepage
cqllabel in ("tls","snom") and space = currentSpace()
labelskb-how-to-article voipnow tls snom

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.