You’ve already seen how to enable the Asterisk Manager interface and the GUI webserver. What is needed now is adding SSL for the added layer of security.
The /etc/asterisk/manager.conf file contains some of the info and further hints were found scattered about on the web.
Hopefully you already have OpenSSL installed. If not then try yum install openssl.
First for the manager interface. Add the block to the config.
1 2 3 4 | sslenable=yes ; set to YES to enable itsslbindport=5039 ; the port to bind tosslbindaddr=192.168.0.100 ; address to bind to, default to bindaddrsslcert=/etc/asterisk/cert.pem ; path to the certificate. |
You can build the sslcert with:
1 | openssl req -new -x509 -days 365 -nodes -out /etc/asterisk/cert.pem -keyout /etc/asterisk/cert.pem |
The parts above are actually pretty well documented online and adds the SSL layer for the management interface. The real secret was to add a similar block to /etc/asterisk/http.conf.
1 2 3 4 | sslenable=yes ; set to YES to enable itsslbindport=8089 ; the port to bind tosslbindaddr=192.168.0.100 ; address to bind to, default to bindaddrsslcert=/etc/asterisk/cert.pem ; path to the certificate. |
After adding this and a service asterisk restart you should be able to browse to https://yourserver:8089.
The certificate we created above is not signed by any authority and will need to be added to your browser as an exception.