This article is meant to assist you in connecting Snom devices with VoipNow using TLS protocol.
Requirements
Before you start, make sure you have the following:
- The latest VoipNow version (3.0.0 or newer)
- At least a Snom 320 phone device
Step-by-step guide
Set Up the Server
On the VoipNow server or on the SIP node (if you have a distributed system) do the following:
STEP 1: Open /etc/kamailio/kamailio.cfg
STEP 2: Check the value of the verify_certificate parameter for the TLS module:
Code Block |
---|
# Check an user certificate to be correctly signed by a trusted CA modparam("tls", "verify_certificate", 0) |
If it's set to 0, it means Kamailio will not verify the certificate with a CA. If this is what you want, you can start setting up the phone. Otherwise, continue with the next step
STEP 3: Under the line below:
Code Block |
---|
tcp_send_timeout=1 |
add the following:
Code Block |
---|
tls_ca_list="/etc/kamailio/tls/user/user-calist.pem" |
STEP 4: Open /etc/kamailio/tls/user/user-calist.pem
STEP 5: Append the list of snom CAs that you can find here.
STEP 6: Restart Kamailio by running:
Code Block |
---|
/etc/init.d/kamailio restart |
At this point, the server setup is complete.
Set up the phone
STEP 1: In the web interface of your Snom phone device, add new details related to your account (user, password, proxy, etc) as indicated below:
- Go to a free Identity (e.g. Identity 3)
- Activate it (select on next to Identity active)
- Write the name of the extension you are using in the Account field (e.g. 0003*003)
- Write the password
- In the registrar and the outbound proxy fields, write the Kamailio server address as described here
Code Block |
---|
<ip_address|hostname>:<tls_port>;transport=tls #example: 192.168.1.10:5061;transport=tls |
STEP 2: The Snom phone device needs to accept the 4psa certificate used by Kamailio. For this, go to Setup -> Certificates.
- In the Unknown Certificates tab, there is a list of all certificates unknown by the Snom phone
- Click the Add exception link next to the one supplied by the Kamailio server
STEP 3: Restart the phone.
At this point, the Snom phone device should be able to communicate with your Kamailio server via TLS.
Possible Problems
If you happen to see the warnings below in the Snom log, you need to make sure that the web interface of the phone accepts the server supplied certificate following the steps detailed above.
Code Block |
---|
TLS: Warning: Certificate with subject Country: US; State: Florida; Locality ; Organization: 4PSA; Common Name: ; eMail: has expired according to the local time of the phone. TLS: Warning: Certificate clash. Certificate with subject Country: US; State: Florida; Locality ; Organization: 4PSA; Common Name: ; eMail: is not trusted.Different server certificate with same subject exists on the phone. TLS: Refusing TLS connection. Invalid or unknown Certificate received |
Related articles
Content by Label | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.