In Elastix/Asterisk, the SIP calls can be encrypted in two ways: encrypting the SIP protocol signaling and encrypting the RTP voice flow. To encrypt the SIP protocol signal, we will use the Transport Layer Security (TLS) protocol.
Create security keys and certificates. For this example, we will store our keys and certificates in the
/etc/asterisk/keys
folder.To create this folder, enter the
mkdir /etc/asterisk/keys
command.Change the owner of the folder from the user root to the user asterisk:
chown asterisk:asterisk /etc/asterisk/keys
Generate the keys and certificates by going to the following folder:
cd /usr/share/doc/asterisk-1.8.20.0/contrib/scripts/ ./ast_tls_cert -C 10.20.30.70 -O "Our Company" -d /etc/asterisk/keys
Where the options are as follows:
-C is used to set the host (DNS name) or IP address of our Elastix server.
-O is the organizational name or description.
-d is the folder where keys will be stored.
Generate a pair of keys for a pair of extensions...