Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SIP+TLS doesn't work for me

Status
Not open for further replies.

vitalissimo

Systems Engineer
Jan 5, 2023
7
RU
Hi all!

I'm trying to configure 9611G phone in SIP mode to work with my private SIP server. I configured Kamailio with certificates from LetsEncrypt; the soft phones like Baresip+ and LinPhone on my Android phone can connect successfully, but the Avaya phone doesn't. In the Kamailio log file I see alert about unknown CA which comes from the phone; ssldump also reports that connection is being canceled by the phone with the notification about unknown CA. So, I downloaded root and intermediate certificates from LetsEncrypt ( and set the options in Avaya configuration file: SET TRUSTCERTS x1.pem,r3.pem (though the LE certificates supposed to be trusted by default, according to this page). According to the server logs both files get downloaded by the phone:

[pre][08/Jan/2023:21:00:39 +0100] "GET /x1.pem HTTP/1.1" 200 1954 "-" "Mozilla/4.0 (compatible; MSIE 6.0) AVAYA/9611-7.1.15.2.1 (MAC:xxxxxxxx)"
[08/Jan/2023:21:00:39 +0100] "GET /r3.pem HTTP/1.1" 200 1856 "-" "Mozilla/4.0 (compatible; MSIE 6.0) AVAYA/9611-7.1.15.2.1 (MAC:xxxxxxxx)"[/pre]

Still, the phone doesn't connect and the error 'unknown ca' is still there.

Any advice?
Thanks!
 
What format is the cert in? I think it’s needs to be in base64. You can also enable debugging mode so you can extract the phone logs.
 
I tried pem and crt formats
The debug idea is interesting, thanks. Where can I read how it works? I wonder if it's possible to log to a remote syslog server.
Thanks!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top