Date: Mon, 6 Sep 2010 10:26:38 +0200
From: klaus.mailinglists(a)pernau.at
To: betergreen(a)live.com
CC: sr-users(a)lists.sip-router.org
Subject: Re: [SR-Users] please help to register sip phone to kamailio server via tls
support.
log in :tail -f /var/log/message:
Sep 4 05:18:50 appliance /usr/local/sbin/kamailio[3117]: ERROR: tls
[tls_server.c:392]: SSL error:error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
in portgo : certificate validation failure.
It is rather clear - your SIP client does not accept the proxy's
certificate and thus terminates the TLS handshake with an "unknown ca"
error.
You have to configure your SIP client to accept the CA which has signed
the proxy's certificate.
regards
klaus
Dear Klaus,
i have the same problem when add user-privkey.pem in SIP client, I use 3CX soft phone.
when i run command : kamctl tls userCERT user
openssl creates three file.
INFO: Private key is locate at /usr/local/etc/kamailio//tls/user/user-privkey.pem
INFO: Certificate is locate at /usr/local/etc/kamailio//tls/user/user-cert.pem
INFO: CA-List is locate at /usr/local/etc/kamailio//tls/user/user-calist.pem
i copy user-privkey.pem to PC which have SIP client. after that i change the name to
root_cert_3CXphone.pem to add to 3CX soft phone.
but problem is the same.
Sep 6 08:59:33 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]:
SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4437]: ERROR: tls [tls_server.c:392]:
SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4438]: ERROR: tls [tls_server.c:392]:
SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4440]: ERROR: tls [tls_server.c:392]:
SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]:
SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
please tell me, if you know
thanks so much.
Peter Green