Date: Mon, 6 Sep 2010 10:26:38 +0200 From: klaus.mailinglists@pernau.at To: betergreen@live.com CC: sr-users@lists.sip-router.org Subject: Re: [SR-Users] please help to register sip phone to kamailio server via tls support.
log in :tail -f /var/log/message:
Sep 4 05:18:50 appliance /usr/local/sbin/kamailio[3117]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
in portgo : certificate validation failure.
It is rather clear - your SIP client does not accept the proxy's certificate and thus terminates the TLS handshake with an "unknown ca" error.
You have to configure your SIP client to accept the CA which has signed the proxy's certificate.
regards klaus
Dear Klaus,
i have the same problem when add user-privkey.pem in SIP client, I use 3CX soft phone.
when i run command : kamctl tls userCERT user
openssl creates three file.
INFO: Private key is locate at /usr/local/etc/kamailio//tls/user/user-privkey.pem INFO: Certificate is locate at /usr/local/etc/kamailio//tls/user/user-cert.pem INFO: CA-List is locate at /usr/local/etc/kamailio//tls/user/user-calist.pem
i copy user-privkey.pem to PC which have SIP client. after that i change the name to root_cert_3CXphone.pem to add to 3CX soft phone. but problem is the same.
Sep 6 08:59:33 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4437]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4438]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4440]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
please tell me, if you know thanks so much. Peter Green