WebRTC configuration for ICTBroadcast
=====================================
To enable WebRTC support over WSS (secure port) in ICTBroadcast, we have to install SSL/TLS certificates. The following is a guide to setting up Let's Encrypt certificates, which are free SSL/TLS certificates, for Asterisk.
To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host.
Get a domain name
-----------------
We need a domain name to generate certificates; sub-domains are also allowed. For example, we have sip.example.com.
Before starting certificate generation, point your domain or subdomain at your Asterisk server, and remember to replace `sip.example.com` in the commands that follow with your own domain or subdomain name.
Install Let's Encrypt
---------------------
Install the certbot binaries:

    yum install certbot python2-certbot-apache -y

Generate certificates
---------------------
Enter the following command and follow the prompts:

    certbot --apache -d sip.example.com

Install certificates in Asterisk
--------------------------------

    cd /etc/letsencrypt/live/sip.example.com
    # cert.pem for Asterisk = server certificate followed by the CA chain
    echo '' > /etc/asterisk/keys/cert.pem && cat cert.pem >> /etc/asterisk/keys/cert.pem && cat chain.pem >> /etc/asterisk/keys/cert.pem
    # copy the private key that matches the certificate
    echo '' > /etc/asterisk/keys/privkey.pem && cat privkey.pem >> /etc/asterisk/keys/privkey.pem
    systemctl restart asterisk.service

Cron job to keep certificates up to date
----------------------------------------
Let's Encrypt free certificates expire after three months. We can work around this with a simple cron job:

    echo "30 2 * * * root /usr/bin/certbot renew >> /var/log/le-renew.log" > /etc/cron.d/letsencrypt.conf

Also add a cron job to update the Asterisk wss.pem file:

    # append (>>) so the renewal job written above is not overwritten
    echo "30 2 * * * root /usr/ictbroadcast/bin/asterisk/certupdate" >> /etc/cron.d/letsencrypt.conf
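
The install and renewal steps above copy the private key by hand, and a renewed certificate only reaches Asterisk if it is copied again. The script below is an added example, not ICTBroadcast or certbot code: `install_asterisk_certs` is a hypothetical helper that validates the PEM files, stages them with restrictive permissions, swaps them in atomically, and restarts Asterisk only when something changed. It assumes Asterisk can read a key owned by the user running the script.

```sh
#!/bin/sh
# Added example (not ICTBroadcast code). install_asterisk_certs is a
# hypothetical helper; the paths are the ones used on this page.
# Returns: 0 = new files installed, 1 = unchanged, 2 = bad source, 3 = write error.
install_asterisk_certs() {
    src=$1   # certbot lineage, e.g. /etc/letsencrypt/live/sip.example.com
    dst=$2   # Asterisk key directory, e.g. /etc/asterisk/keys

    # Refuse to install files that are missing or do not look like PEM.
    for f in cert.pem chain.pem; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$src/$f" 2>/dev/null || {
            echo "not a PEM certificate: $src/$f" >&2; return 2; }
    done
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$src/privkey.pem" 2>/dev/null || {
        echo "not a PEM private key: $src/privkey.pem" >&2; return 2; }

    # mktemp creates files with mode 600, so the key is never world-readable,
    # and staging inside $dst makes the final mv an atomic rename.
    tmp_cert=$(mktemp "$dst/.cert.XXXXXX") || return 3
    tmp_key=$(mktemp "$dst/.key.XXXXXX") || { rm -f "$tmp_cert"; return 3; }
    cat "$src/cert.pem" "$src/chain.pem" > "$tmp_cert"   # leaf first, then chain
    cat "$src/privkey.pem" > "$tmp_key"
    chmod 644 "$tmp_cert"                                # certificates are public

    # Nothing to do if the installed copies already match.
    if cmp -s "$tmp_cert" "$dst/cert.pem" 2>/dev/null &&
       cmp -s "$tmp_key" "$dst/privkey.pem" 2>/dev/null; then
        rm -f "$tmp_cert" "$tmp_key"
        return 1
    fi
    mv -f "$tmp_key" "$dst/privkey.pem" && mv -f "$tmp_cert" "$dst/cert.pem" || return 3
}

# certbot exports RENEWED_LINEAGE to deploy hooks; do nothing when it is unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_asterisk_certs "$RENEWED_LINEAGE" /etc/asterisk/keys
    case $? in
        0) systemctl restart asterisk.service ;;
        1) : ;;          # unchanged: no restart needed
        *) exit 1 ;;
    esac
fi
```

Saved as an executable file under `/etc/letsencrypt/renewal-hooks/deploy/`, certbot runs it after each successful renewal, so the copy and restart happen only when a new certificate was actually issued.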