https//:localhost:8444/ not opening

Max

Administrator
Staff member
We raised the ticket to add a setting to skip SSL certificate checking WCS-3138, and let you know result here.
But this is bad practice.
 

Max

Administrator
Staff member
Hello, we have noticed that your server is not longer available. Could you please provide access. We need to test fixed made in WCS-3138.
 

SAGARVG

Member
Hello, we have noticed that your server is not longer available. Could you please provide access. We need to test fixed made in WCS-3138.
Hi,

Please check the forum updated, could you able to check
 
Last edited:

Max

Administrator
Staff member
Good day.
Seems like your SIP PBX server uses self-signed SSL certificates. So you have to import them to local storage on the server where WCS is installed as described here. In this case, voice SIP calls seems working with the following settings
Code:
sip_use_tls=true
sip_force_tcp=true
 

SAGARVG

Member
Good day.
Seems like your SIP PBX server uses self-signed SSL certificates. So you have to import them to local storage on the server where WCS is installed as described here. In this case, voice SIP calls seems working with the following settings
Code:
sip_use_tls=true
sip_force_tcp=true
Thank you we got the attachment from SIP PBX provider ,Please check this we need to integrate in WCS server?

if this is the case where to add this file location....???
 

Attachments

Last edited:

Max

Administrator
Staff member
Seems like asterisk.pem file from this archive should be enough. Please do the steps described here starting from step 3.
 

Max

Administrator
Staff member
Seems like -storepass option missed
Code:
keytool -importcert -keystore /usr/lib/java/java-8-openjdk-amd64/jre/lib/security/cacerts -storepass changeit -file /home/admin_0/asterisk.pem -alias "pbx"
 

SAGARVG

Member
Seems like -storepass option missed
Code:
keytool -importcert -keystore /usr/lib/java/java-8-openjdk-amd64/jre/lib/security/cacerts -storepass changeit -file /home/admin_0/asterisk.pem -alias "pbx"
now getting this error
1618580429410.png

1618729609398.png
 
Last edited:

Max

Administrator
Staff member
Now, Java certificate storage file name is missed, you've set only path:
1618797164424.png

/usr/lib/java/java-8-openjdk-amd64/jre/lib/security/cacerts should be set here
 

Max

Administrator
Staff member
When server is started, there is the message in server log:
Code:
08:58:49,707 ERROR            Softphone - main License error License period is expired
Perhaps you should request a new trial.
 

SAGARVG

Member
When server is started, there is the message in server log:
Code:
08:58:49,707 ERROR            Softphone - main License error License period is expired
Perhaps you should request a new trial.
Hello,
we are able to register but now not able to hear or send voice in call

Is there any ports we must open for TLS other than what we have opened earlier.... Form has been updated
 

Max

Administrator
Staff member
Is there any ports we must open for TLS other than what we have opened earlier.... Form has been updated
Seems like media ports (UDP and TCP) in the range
Code:
media_port_from        =31001
media_port_to          =32000
are blocked. Please try to clean up the all of firewall rules on WCS, then set up iptables like this
Bash:
#!/bin/bash
#
export IPT="iptables"
 
# WAN interface
export WAN=eth0
 
# Clean iptables chains
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
 
# Set default policy
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
 
# Allow loopback traffic
$IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
$IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
 
# Allow outgoing connections
$IPT -A OUTPUT -o $WAN -j ACCEPT
 
# Set up already initiated connections rules
$IPT -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# Drop all invalid packets
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A FORWARD -m state --state INVALID -j DROP
 
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
 
# Allow pings
$IPT -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
 
# Open SSH port
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
 
# Open WCS ports
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8888 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8443 -j ACCEPT
$IPT -A INPUT -p tcp --dport 1935 -j ACCEPT
$IPT -A INPUT -p udp --dport 1935 -j ACCEPT
$IPT -A INPUT -p tcp --dport 554 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8080 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8081 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8084 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8082 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8445 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8444 -j ACCEPT
$IPT -A INPUT -p tcp --dport 30000:33000 -j ACCEPT
$IPT -A INPUT -p udp --dport 30000:33000 -j ACCEPT
 
$IPT -A INPUT -j DROP
$IPT -A FORWARD -j DROP
 
# Store rules to the file
/sbin/iptables-save  > /etc/sysconfig/iptables
or firewalld like this
Bash:
#!/bin/bash
#
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-port=8888/tcp
firewall-cmd --permanent --zone=public --add-port=8443/tcp
firewall-cmd --permanent --zone=public --add-port=1935/tcp
firewall-cmd --permanent --zone=public --add-port=1935/udp
firewall-cmd --permanent --zone=public --add-port=554/tcp
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8081/tcp
firewall-cmd --permanent --zone=public --add-port=8084/tcp
firewall-cmd --permanent --zone=public --add-port=8082/tcp
firewall-cmd --permanent --zone=public --add-port=8445/tcp
firewall-cmd --permanent --zone=public --add-port=8444/tcp
firewall-cmd --permanent --zone=public --add-port=30000-33000/udp
firewall-cmd --permanent --zone=public --add-port=30000-33000/tcp
firewall-cmd --reload
 

SAGARVG

Member
Seems like media ports (UDP and TCP) in the range
Code:
media_port_from        =31001
media_port_to          =32000
are blocked. Please try to clean up the all of firewall rules on WCS, then set up iptables like this
Bash:
#!/bin/bash
#
export IPT="iptables"

# WAN interface
export WAN=eth0

# Clean iptables chains
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

# Set default policy
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT

# Allow loopback traffic
$IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
$IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

# Allow outgoing connections
$IPT -A OUTPUT -o $WAN -j ACCEPT

# Set up already initiated connections rules
$IPT -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop all invalid packets
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A FORWARD -m state --state INVALID -j DROP

$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP

# Allow pings
$IPT -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Open SSH port
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT

# Open WCS ports
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8888 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8443 -j ACCEPT
$IPT -A INPUT -p tcp --dport 1935 -j ACCEPT
$IPT -A INPUT -p udp --dport 1935 -j ACCEPT
$IPT -A INPUT -p tcp --dport 554 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8080 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8081 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8084 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8082 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8445 -j ACCEPT
$IPT -A INPUT -p tcp --dport 8444 -j ACCEPT
$IPT -A INPUT -p tcp --dport 30000:33000 -j ACCEPT
$IPT -A INPUT -p udp --dport 30000:33000 -j ACCEPT

$IPT -A INPUT -j DROP
$IPT -A FORWARD -j DROP

# Store rules to the file
/sbin/iptables-save  > /etc/sysconfig/iptables
or firewalld like this
Bash:
#!/bin/bash
#
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-port=8888/tcp
firewall-cmd --permanent --zone=public --add-port=8443/tcp
firewall-cmd --permanent --zone=public --add-port=1935/tcp
firewall-cmd --permanent --zone=public --add-port=1935/udp
firewall-cmd --permanent --zone=public --add-port=554/tcp
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8081/tcp
firewall-cmd --permanent --zone=public --add-port=8084/tcp
firewall-cmd --permanent --zone=public --add-port=8082/tcp
firewall-cmd --permanent --zone=public --add-port=8445/tcp
firewall-cmd --permanent --zone=public --add-port=8444/tcp
firewall-cmd --permanent --zone=public --add-port=30000-33000/udp
firewall-cmd --permanent --zone=public --add-port=30000-33000/tcp
firewall-cmd --reload
this ports are already open, is they blocking
1618998074434.png
 

Max

Administrator
Staff member
this ports are already open, is they blocking
Please check ports availability for incoming connections as described here.
Please reset all firewall rules
Code:
sudo ufw reset
sudo iptables -F
and disable firewall temporarily
Code:
sudo ufw disable
If this helps, set up iptables as we recommended above
 

SAGARVG

Member
Please check ports availability for incoming connections as described here.
Please reset all firewall rules
Code:
sudo ufw reset
sudo iptables -F
and disable firewall temporarily
Code:
sudo ufw disable
If this helps, set up iptables as we recommended above
Thank you we have done the same now on local we can able to register and call

But in remote outside network only getting established but not registered....the form is same as it was updated last time


checked the ports are being forwarded....
 
Top