Hi Henning,
Thank you for your reply.
Yes, there is a ca_list parameter, but I have no idea where I can get that list from.
Can you please guide me on how to get ca_list, and how I would generate ca_list?

Thanks

On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <hw@gilawa.com> wrote:

Hello,

Try to add the "ca_list" parameter to your ca file; it seems to be an error related to that.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of M Arqum CH
Sent: Thursday, August 18, 2022 10:49 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] TLS issue

 

Dear All,

Thank you in advance.

I am facing an issue setting up TLS with Kamailio 5.5.4 on an EC2 Amazon Linux server.

Getting this error.

 

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 143.198.11.1:62033  ///client ip
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061 ///ec2 local ip
Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)

 

TLS Config

[server:default]
method = TLSv1+
verify_certificate = no
require_certificate = no
certificate=/usr/local/ssl/certs/cert.pem
private_key=/usr/local/ssl/certs/fullkey.pem
server_name = abc.domain

 

 

Also tried this conf

[server:default]
method = TLSv1+ ///tries all version options
verify_certificate = no
require_certificate = no
certificate=/usr/local/ssl/certs/ abc.domain.crt
private_key=/usr/local/ssl/certs/ abc.domain.key
server_name = abc.domain.link

 

openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

 

 

 

Please guide.

 

 

--

Regards

Arqum



--
Regards
M Arqum
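
Added example, not part of the original thread: a small Python parser for the Kamailio tls error lines quoted above that decodes the packed OpenSSL error code (14094418) and attaches the src/dst addresses to it. The log sample is constructed in the same format, the function names are hypothetical, and the decoding assumes the OpenSSL 1.0.x/1.1.x error-code layout (the thread reports 1.0.2k).

```python
import re

# Constructed sample in the format of the log lines quoted in this thread.
SAMPLE_LOG = """\
Aug 18 20:36:33 host kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error
Aug 18 20:36:33 host kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Aug 18 20:36:33 host kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 192.0.2.10:62033
Aug 18 20:36:33 host kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 198.51.100.5:5061
"""

LINE = re.compile(r"kamailio\[(?P<pid>\d+)\]: ERROR: tls \[[^\]]+\]: \w+\(\): (?P<msg>.*)$")
ERR = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):")
ADDR = re.compile(r"(?P<side>src|dst) addr: (?P<addr>\S+)")
# Certificate-related TLS alert numbers from RFC 5246.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}


def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x/1.1.x error code into lib, func and reason."""
    e = int(code_hex, 16)
    lib, func, reason = (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF
    # In libssl (lib 20) a reason >= 1000 is an alert *received from the peer*:
    # reason = 1000 + TLS alert number.
    alert = reason - 1000 if lib == 20 and reason >= 1000 else None
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": alert, "alert_name": ALERTS.get(alert)}


def summarize(log_text):
    """Return one event per tls_err_ret() line, with the src/dst lines of the same pid attached."""
    events, open_by_pid = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a Kamailio tls module error line
        pid, msg = m["pid"], m["msg"]
        err, addr = ERR.search(msg), ADDR.search(msg)
        if err:
            event = {"pid": pid, **decode_openssl_error(err["code"])}
            events.append(event)
            open_by_pid[pid] = event
        elif addr and pid in open_by_pid:
            open_by_pid[pid][addr["side"]] = addr["addr"]
    return events


if __name__ == "__main__":
    for event in summarize(SAMPLE_LOG):
        print(event)
```

For the code in the thread, the reason field decodes to 1048, that is, TLS alert 48 (unknown_ca) sent by the remote side of the connection listed as src addr.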