<div dir="ltr">Hello,<div>For adding the CA list below is the article that can help you.<br><br><b><a href="https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/">https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/</a></b><br><br>Search the line, <b>find / -name cacert.pem</b> there you will find the steps to get it.<br>But in my case it works without <b>ca_list</b> also.<br><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Aug 20, 2022 at 2:45 AM M Arqum CH <<a href="mailto:marqumch@gmail.com">marqumch@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Henning,<div>Thank you for your reply. </div><div>yes there is ca_list parameter .. but no idea from where i can get that list.</div><div>can you please guide me on how to get ca_list, how would I generate ca_list. </div><div><br></div><div>thanks </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <<a href="mailto:hw@gilawa.com" target="_blank">hw@gilawa.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>





<div lang="DE">
<div>
<p class="MsoNormal"><span>Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">try to add the „ca_list” parameter to your ca file, it seems an error related to that.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">Cheers,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">Henning<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">-- <u></u>
<u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">Henning Westerholt –
</span><span><a href="https://skalatan.de/blog/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://skalatan.de/blog/</span></a></span><span lang="EN-GB"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">Kamailio services –
</span><span><a href="https://gilawa.com/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://gilawa.com</span></a></span><span lang="EN-GB"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm">
<p class="MsoNormal" style="margin-left:35.4pt"><b>From:</b> sr-users <<a href="mailto:sr-users-bounces@lists.kamailio.org" target="_blank">sr-users-bounces@lists.kamailio.org</a>>
<b>On Behalf Of </b>M Arqum CH<br>
<b>Sent:</b> Thursday, August 18, 2022 10:49 PM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
<b>Subject:</b> [SR-Users] TLS issue<u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Dear All,<br>
<br>
Thank you in advance .<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon linux server.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Getting this error.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error<br>
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca<br>
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr:
<a href="http://143.198.11.1:62033" target="_blank">143.198.11.1:62033</a>  ///client ip<br>
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr:
<a href="http://172.36.53.1:5061" target="_blank">172.36.53.1:5061</a> ///ec2 local ip<br>
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">TLS Config<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">[server:default]<br>
method = TLSv1+<br>
verify_certificate = no<br>
require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem<br>
private_key=/usr/local/ssl/certs/fullkey.pem<br>
server_name = abc.domain<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Also tried this conf<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">[server:default]<br>
method =  TLSv1+ ///tries all version options<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><br>
verify_certificate = no<br>
require_certificate = no<br>
certificate=/usr/local/ssl/certs/ abc.domain.crt<br>
private_key=/usr/local/ssl/certs/ abc.domain.key<br>
server_name = abc.domain.link<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">openssl version<br>
OpenSSL 1.0.2k-fips  26 Jan 2017<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">please guide.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>
</div>
<p class="MsoNormal" style="margin-left:35.4pt">-- <u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Regards<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Arqum<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>

</div></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">Regards<div>M Arqum</div></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
  * <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
  * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>