Asterisk 1.6 Features: TLS for Manager (AMI) and HTTP

I have pointed out this file before, but I’d like to point it out again. If you’re curious what new features have been added for Asterisk 1.6 since 1.4 was released, then check out the CHANGES file. The current version of it can be found here.

There are a lot of cool features in there, so I’ll pull some out from time to time to highlight them.

One of the nice features in this version is native TLS support for the Asterisk manager interface as well as the built-in HTTP server. This was developed by one of our outstanding community developers, Luigi Rizzo. This means that it is easier to make applications that use these interfaces more secure. For example, users of the AsteriskGUI that is bundled with AsteriskNOW will have an easier time setting up secure access to configure Asterisk from a web browser. Previously, the way to do this was to proxy communication with Asterisk through a web server such as Apache or lighttpd.

Turning on this feature is easy. For the manager interface, only two options are required in the [general] section of manager.conf:

sslenable = yes
sslcert = /var/lib/asterisk/asterisk.pem

For the HTTP interface, the exact same two options are required, but for http.conf.

We take security very seriously in the Asterisk project. This has really been demonstrated through our current process for handling security issues that get reported to us. Now, in Asterisk 1.6, with TLS support for SIP signalling, The Asterisk Manager Interface (AMI), as well as the HTTP interface, we’re making it even easier to secure communications with your Asterisk server.

1 thought on “Asterisk 1.6 Features: TLS for Manager (AMI) and HTTP

  1. Pingback: Asterisk 1.6: Soporte TLS en el Manager (AMI) y HTTP at Mi Brain-Training Personal

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.