<div dir="ltr">Hi Henning,<div>Thank you for your reply. </div><div>yes there is ca_list parameter .. but no idea from where i can get that list.</div><div>can you please guide me on how to get ca_list, how would I generate ca_list. </div><div><br></div><div>thanks </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <<a href="mailto:hw@gilawa.com">hw@gilawa.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail-msg-8257511062099743594">

<div lang="DE" style="overflow-wrap: break-word;">

<div class="gmail-m_-8257511062099743594WordSection1">

<p class="MsoNormal"><span>Hello,<u></u><u></u></span></p>

<p class="MsoNormal"><span><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">try to add the „ca_list” parameter to your ca file, it seems an error related to that.<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Cheers,<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Henning<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">-- <u></u>

<u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Henning Westerholt –

</span><span><a href="https://skalatan.de/blog/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://skalatan.de/blog/</span></a></span><span lang="EN-GB"><u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Kamailio services –

</span><span><a href="https://gilawa.com/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://gilawa.com</span></a></span><span lang="EN-GB"><u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm">

<p class="MsoNormal" style="margin-left:35.4pt"><b>From:</b> sr-users <<a href="mailto:sr-users-bounces@lists.kamailio.org" target="_blank">sr-users-bounces@lists.kamailio.org</a>>

<b>On Behalf Of </b>M Arqum CH<br>

<b>Sent:</b> Thursday, August 18, 2022 10:49 PM<br>

<b>To:</b> Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>

<b>Subject:</b> [SR-Users] TLS issue<u></u><u></u></p>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Dear All,<br>

<br>

Thank you in advance .<u></u><u></u></p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon linux server.<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Getting this error.<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error<br>

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca<br>

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr:

<a href="http://143.198.11.1:62033" target="_blank">143.198.11.1:62033</a>  ///client ip<br>

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr:

<a href="http://172.36.53.1:5061" target="_blank">172.36.53.1:5061</a> ///ec2 local ip<br>

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">TLS Config<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">[server:default]<br>

method = TLSv1+<br>

verify_certificate = no<br>

require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem<br>

private_key=/usr/local/ssl/certs/fullkey.pem<br>

server_name = abc.domain<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Also tried this conf<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">[server:default]<br>

method =  TLSv1+ ///tries all version options<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><br>

verify_certificate = no<br>

require_certificate = no<br>

certificate=/usr/local/ssl/certs/ abc.domain.crt<br>

private_key=/usr/local/ssl/certs/ abc.domain.key<br>

server_name = abc.domain.link<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">openssl version<br>

OpenSSL 1.0.2k-fips  26 Jan 2017<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">please guide.<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">-- <u></u><u></u></p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Regards<u></u><u></u></p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Arqum<u></u><u></u></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Regards<div>M Arqum</div></div>