> Date: Mon, 6 Sep 2010 10:26:38 +0200
> From: klaus.mailinglists@pernau.at
> To: betergreen@live.com
> CC: sr-users@lists.sip-router.org
> Subject: Re: [SR-Users] please help to register sip phone to kamailio server via tls support.
>
> > log in :tail -f /var/log/message:
> >
> > Sep 4 05:18:50 appliance /usr/local/sbin/kamailio[3117]: ERROR: tls
> > [tls_server.c:392]: SSL error:error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> >
> > in portgo : certificate validation failure.
>
> It is rather clear - your SIP client does not accept the proxy's
> certificate and thus terminates the TLS handshake with an "unknown ca"
> error.
>
> You have to configure your SIP client to accept the CA which has signed
> the proxy's certificate.
>
> regards
> klaus

Dear Klaus,
i have the same problem when add user-privkey.pem in SIP client, I use 3CX  soft phone.

when i run command : kamctl tls userCERT user

openssl creates three file.

INFO: Private key is locate at /usr/local/etc/kamailio//tls/user/user-privkey.pem
INFO: Certificate is locate at /usr/local/etc/kamailio//tls/user/user-cert.pem
INFO: CA-List is locate at /usr/local/etc/kamailio//tls/user/user-calist.pem

i copy user-privkey.pem to PC which have SIP client. after that i change the name to root_cert_3CXphone.pem to add to 3CX soft phone.
but problem is the same.

Sep  6 08:59:33 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4437]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4438]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4440]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca


please tell me, if you know
thanks so much.
Peter Green