Page Index Toggle Pages: 1 Send TopicPrint
Normal Topic How to renew PhonerLite TLS certificate (Read 2562 times)
PureIP-Support
YaBB Newbies
*
Offline


Phoner is great!

Posts: 5
Joined: 02. Nov 2023
How to renew PhonerLite TLS certificate
02. Nov 2023 at 10:15
Print Post  
I am using PhoneLite version 3.22.
The TLS certificate expired on 18th of October. Since then i am trying to find the renewed certificate. Even tried to create my own and apply it but unfortunately i keep getting the error "could not load the shared library" and "wrong tag".

Please, is there a way to change the certificate ?
Is quite problematic for me because i need to use TLS with validate client and server.
  
Back to top
 
IP Logged
 
Phoner Admin
YaBB Administrator
*****
Offline



Posts: 11556
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Re: How to renew PhonerLite TLS certificate
Reply #1 - 02. Nov 2023 at 10:36
Print Post  
That built-in certificates are just for testing peer-to-peer TLS connections. PhonerLite typically is a client - there is no need for that built-in certificates. 
If you really use peer-to-peer mode (other devices connect TO PhonerLite via TLS) you should create your own certificate.
The current beta version uses updated built-in certificates.
  
Back to top
WWW  
IP Logged
 
PureIP-Support
YaBB Newbies
*
Offline


Phoner is great!

Posts: 5
Joined: 02. Nov 2023
Re: How to renew PhonerLite TLS certificate
Reply #2 - 02. Nov 2023 at 10:48
Print Post  
Thats the point i am trying to make - i am testing peer to peer and i have validate Client and Server Certificate. I can see the certificate exchange being done but then the SBC where PhonerLite is connecting to rejects the session because the client certificate is invalid. Basically i am simulating calls to Microsoft Teams and Zoom platforms and the client needs to have a valid client certificate to be verified during the TLS handshake. Since TLS 1.2 this is quite enforced. I do understand what you say that i can disable client validation but in my case i cannot do that.

I have created my own root and client certificate but it seems i cannot apply it to phonerlite - when i try doing so i get errors related to library and wrong tag. The same certificate and root tested on a different edge device work just fine - i created it as a wildcard.

The beta version is not allowed by my companies IT policy because is Beta. 

Can you please provide me a guide on how you can apply your own certificate to phonerlite version 3.22 ? Maybe  i am not doing it correctly... I attached a photo with my client trying to apply my own certificate...

  

phoner_001.png ( 85 KB | 65 Downloads )
phoner_001.png
Back to top
 
IP Logged
 
Phoner Admin
YaBB Administrator
*****
Offline



Posts: 11556
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Re: How to renew PhonerLite TLS certificate
Reply #3 - 02. Nov 2023 at 11:10
Print Post  
Does your certificate file contains the private key too? See here: https://lite.phoner.de/config_en.htm#Certificates

If you think your certificate is complete but PhonerLite does something wrong: Can you send me your self created certificate file, so I can check it here for my own?
  
Back to top
WWW  
IP Logged
 
PureIP-Support
YaBB Newbies
*
Offline


Phoner is great!

Posts: 5
Joined: 02. Nov 2023
Re: How to renew PhonerLite TLS certificate
Reply #4 - 02. Nov 2023 at 11:23
Print Post  
I have the private key but on my phoner lite there is no entry for private key. If i go to "Configuration ---> Certificate" on PhonerLite 3.22 there is just Server and Client Certificate entries, but no private key.

I have attached my root, server and private key i tried to use.
  
Back to top
 
IP Logged
 
Phoner Admin
YaBB Administrator
*****
Offline



Posts: 11556
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Re: How to renew PhonerLite TLS certificate
Reply #5 - 02. Nov 2023 at 11:30
Print Post  
If you had take a look at the URL I mentioned above, you know that you should have the certificate and key in ONE file.
In your case your private key is encrypted. PhonerLite can't handle this, because there is no interactive way to ask for the password for the private key.
You have to export your private key unencrypted (without a password) and put the certificate file content and the one for the private key into a new file containing both. That file can be loaded by PhonerLite then.
  
Back to top
WWW  
IP Logged
 
PureIP-Support
YaBB Newbies
*
Offline


Phoner is great!

Posts: 5
Joined: 02. Nov 2023
Re: How to renew PhonerLite TLS certificate
Reply #6 - 02. Nov 2023 at 11:46
Print Post  
Oh right... i missed that part ! Sorry.
I will go ahead and try it and then come back and confirm if all is OK.


Thank you so much for your prompt replies and help !
  
Back to top
 
IP Logged
 
PureIP-Support
YaBB Newbies
*
Offline


Phoner is great!

Posts: 5
Joined: 02. Nov 2023
Re: How to renew PhonerLite TLS certificate
Reply #7 - 02. Nov 2023 at 12:37
Print Post  
All good ! Now works when using a unencrypted key.
Again, thank you so much for your support !
  
Back to top
 
IP Logged
 
Phoner Admin
YaBB Administrator
*****
Offline



Posts: 11556
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Re: How to renew PhonerLite TLS certificate
Reply #8 - 02. Nov 2023 at 12:38
Print Post  
Nice to hear that! Thanks for the feedback.
  
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Send TopicPrint