<div dir="ltr">Ok, thank you. <br><div><br></div><div>Looks like problem solved. I just pointed same config certificates for client too and setting it on yes yes worked.</div><div><br></div><div>Thanks.</div><div><br></div><div>Vitalie.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 24, 2020 at 3:07 PM Social Boh <<a href="mailto:social@bohboh.info">social@bohboh.info</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>I'm not sure but with let's encrypt you can create only server
certificate, not client certificate so you can't require and
verify client certificate.</p>
<p>Regards<br>
</p>
<pre cols="72">---
I'm SoCIaL, MayBe</pre>
<div>On 24/01/2020 at 09:01, Bugaian A. Vitalie wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Ok, thanks. <br>
<div><br>
</div>
<div>But my question is still about why verification fails/or
what should be checked to make it work. Not how to disable it.</div>
<div><br>
</div>
<div>Thanks.</div>
<div><br>
</div>
<div>Vitalie.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jan 24, 2020 at 2:54
PM Social Boh <<a href="mailto:social@bohboh.info" target="_blank">social@bohboh.info</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hello,</p>
<p>changing:</p>
<p>[client:default]<br>
#method = TLSv1.2+<br>
verify_certificate = yes<br>
</p>
<div>require_certificate = yes</div>
<div><br>
</div>
<div>with</div>
<div><br>
</div>
<div>[client:default]<br>
#method = TLSv1.2+<br>
verify_certificate = no<br>
<div>require_certificate = no<br>
</div>
</div>
<pre cols="72">---
I'm SoCIaL, MayBe</pre>
<div>On 24/01/2020 at 08:46, Bugaian A. Vitalie wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello list,
<div><br>
</div>
<div>I have tried to set up my tls config with
LetsEncrypt following this post:</div>
<div><br>
</div>
<div><a href="https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/" target="_blank">https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/</a> </div>
<div><br>
</div>
<div>My tls config looks like this:</div>
<div><br>
</div>
<br>
[server:default]<br>
method = TLSv1.2+<br>
verify_certificate = no<br>
require_certificate = no<br>
private_key =
/etc/letsencrypt/live/sbc.example.net-0001/privkey.pem<br>
certificate =
/etc/letsencrypt/live/sbc.example.net-0001/fullchain.pem<br>
ca_list =
/etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem<br>
#ca_list = /usr/local/etc/kamailio/tls/cacert.pem<br>
#crl = /usr/local/etc/kamailio/tls/crl.pem<br>
server_name = <a href="http://sbc.example.net" target="_blank">sbc.example.net</a><br>
server_id = <a href="http://sbc.example.net" target="_blank">sbc.example.net</a><br>
<br>
#ca_list = /usr/local/etc/fullchain.pem<br>
#ca_list = /usr/local/etc/kamailio/tls/cacert.pem<br>
#crl = /usr/local/etc/kamailio/tls/crl.pem<br>
<br>
<br>
# ---<br>
# This is the default client domain profile.<br>
# Settings in this domain will be used for all outgoing<br>
# TLS connections that do not match any other<br>
# client domain in this configuration file.<br>
# We require that servers present valid certificate.<br>
#<br>
[client:default]<br>
#method = TLSv1.2+<br>
verify_certificate = yes<br>
<div>require_certificate = yes</div>
<div><br>
</div>
<div>===================================</div>
<div>My ca_list has all certificates from <br>
</div>
<div>cat /etc/ssl/certs/ca-certificates.crt >>
/etc/letsencrypt/live/<a href="http://sbcc.example.net/ca_list.pem" target="_blank">sbcc.example.net/ca_list.pem</a><br>
</div>
<div><br>
</div>
<div>I keep getting certificate validation failed, see
below:</div>
<div><br>
</div>
<div>an 24 08:39:56 <a href="http://sbc.example.net" target="_blank">sbc.example.net</a>
/usr/local/sbin/kamailio[6371]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS
write:error:1416F086:SSL
routines:tls_process_server_certificate:certificate
verify failed<br>
Jan 24 08:39:56 <a href="http://sbc.example.net" target="_blank">sbc.example.net</a>
/usr/local/sbin/kamailio[6371]: ERROR: <core>
[core/tcp_read.c:1505]: tcp_read_req(): ERROR:
tcp_read_req: error reading - c: 0x7f0474421f68 r:
0x7f0474422028 (-1)<br>
Jan 24 08:39:56 <a href="http://sbc.example.net" target="_blank">sbc.example.net</a>
/usr/local/sbin/kamailio[6370]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS
write:error:1416F086:SSL
routines:tls_process_server_certificate:certificate
verify failed<br>
Jan 24 08:39:56 <a href="http://sbc.example.net" target="_blank">sbc.example.net</a>
/usr/local/sbin/kamailio[6370]: ERROR: <core>
[core/tcp_read.c:1505]: tcp_read_req(): ERROR:
tcp_read_req: error reading - c: 0x7f0474401cb8 r:
0x7f0474401d78 (-1)<br>
</div>
<div><br>
</div>
<div>=====================</div>
<div><br>
</div>
<div>What params should I change or where to look for a
solution on this one?</div>
<div><br>
</div>
<div>Thanks.</div>
<div><br>
Vitalie A. Bugaian.</div>
</div>
<br>
<pre>_______________________________________________
Kamailio (SER) - Users Mailing List
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote></div>
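<p>The state this thread starts in and the one it ends in, as an added example that is not part of the original messages or of Kamailio itself: a small lint over tls.cfg text that flags a [client:...] profile with verify_certificate = yes but no ca_list, and also flags the verification-off workaround. The sample configs are constructed from the one quoted above; treating a ca_list line in the client profile as the fix, and the accepted spellings of "yes", are assumptions.</p>

```python
import configparser

# Constructed sample, modelled on the tls.cfg quoted in the thread.
BEFORE = """\
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/sbc.example.net-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.example.net-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem

[client:default]
#method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
"""
# Client profile given the same CA bundle as the server profile (assumed form of the fix).
AFTER = BEFORE + "ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem\n"
# The workaround suggested earlier in the thread: verification switched off.
WORKAROUND = BEFORE.replace("verify_certificate = yes", "verify_certificate = no")

ENABLED = {"yes", "true", "on", "1"}  # spellings treated as "enabled" (assumption)


def lint_tls_cfg(text):
    """Return (profile, finding) pairs for every [client:...] profile in text."""
    cfg = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                    strict=False, interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        if not name.startswith("client:"):
            continue
        profile = cfg[name]
        verify = profile.get("verify_certificate", "no").strip().lower() in ENABLED
        if not verify:
            # Outgoing TLS connections accept any server certificate.
            findings.append((name, "verification-disabled"))
        elif not profile.get("ca_list", "").strip():
            # Verification is on but no trust anchors are configured.
            findings.append((name, "verify-without-ca_list"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("workaround", WORKAROUND)):
        print(label, lint_tls_cfg(text))
```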