From sipuser404@gmail.com Mon Apr 20 21:18:25 2020 From: sip user To: sr-users@lists.kamailio.org Subject: Re: [SR-Users] Kamailio like SBC with Teams Date: Mon, 20 Apr 2020 21:18:05 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1668180119==" --===============1668180119== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sorry.. Im a bit loose in this one... So, ive use letsencrypy to generate the certificate, and the CA, how i have to generate? Thanks El lun., 20 abr. 2020 19:06, Sergiu Pojoga escribi=C3= =B3: > ca_list=3D /etc/letsencrypt/live/FQND/chain.pem > > Is that pointing to your Root CA certificate? I highly doubt it. > That's probably the reason why you get "tls_read_f(): TLS > write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate > verify failed" > > On Mon, Apr 20, 2020 at 11:53 AM sip user wrote: > >> Hi.. >> >> Thank you all very much for answering me. >> >> I have made many test: >> >> First, I've installed ssl cert with letsencrypt, like >> https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one >> i made it before. >> >> I've configured tls.cfg like: >> >> [server:default] >> method =3D TLSv1.2 >> verify_certificate =3D yes >> require_certificate =3D yes >> private_key =3D /etc/letsencrypt/live/FQND/privkey.pem >> certificate =3D /etc/letsencrypt/live/FQDN/fullchain.pem >> ca_list=3D /etc/letsencrypt/live/FQND/chain.pem >> >> [client:default] >> method =3D TLSv1.2 >> verify_certificate =3D yes >> require_certificate =3D yes >> private_key =3D /etc/letsencrypt/live/FQND/privkey.pem >> certificate =3D /etc/letsencrypt/live/FQDN/fullchain.pem >> ca_list=3D /etc/letsencrypt/live/FQND/chain.pem >> >> In syslog I received: >> >> Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: