... (rest of reply)
If your clients connect to "sbctest.tel.redacted.xx" in the first place, over TLS, then they verify the certificate against that FQDN. If you use RR and you have the kamailio IP address in the Record-Route header field(s), then the clients have to connect to that IP address using TLS, and then the certificate validation should fail.
As a quick test, do BYEs work from the clients after NOTIFYs fail?
James
On Wed, 13 Nov 2024 at 13:04, James Browne james@frideo.com wrote:
I've another suggestion. Check what's in your Record-Route header fields.
On Wed, 13 Nov 2024 at 07:57, dries--- via sr-users sr-users@lists.kamailio.org wrote:
Thanks for replying, Fred!
The client default was already set to no verification:

[client:default]
verify_certificate = no
require_certificate = no

This is the TLS config:

[server:193.19x.x.x:5061]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/privkey.pem
certificate = /etc/kamailio/fullchain.pem
server_name = sbctest.tel.redacted.xx
server_id = sbctest.tel.redacted.xx
server_name_mode = 1
verify_depth = 3

[server:default]
private_key = /etc/kamailio/privkey.pem
certificate = /etc/kamailio/fullchain.pem
verify_certificate = no
require_certificate = no
server_name = localhost
As the Grandstreams are already registering over TLS, I assume that the correct protocol is already configured. Any other suggestions?
Regards,
Dries

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
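
The Record-Route check suggested in this thread can be done mechanically on a captured response. The following is an added example, not part of the original messages or of Kamailio: it lists the Record-Route hops that a certificate-verifying TLS client could not match against the server certificate. The SIP response, host names and function names are constructed for illustration, and it assumes the client validates the certificate against the host in the Record-Route URI.

```python
import ipaddress
import re

# Constructed sample response (documentation addresses, not taken from the thread).
SAMPLE_RESPONSE = (
    "SIP/2.0 200 OK\r\n"
    "Record-Route: <sip:192.0.2.10:5061;transport=tls;lr>\r\n"
    "Record-Route: <sip:sbc.example.test:5061;transport=tls;lr>, <sips:198.51.100.7;lr>\r\n"
    "Contact: <sip:alice@203.0.113.5:5061;transport=tls>\r\n"
    "\r\n"
)
# scheme, optional userinfo, host (or [IPv6]), optional port, URI parameters
URI_RE = re.compile(r"<(sips?):(?:[^@>]*@)?(\[[^\]]+\]|[^:;>]+)(?::\d+)?([^>]*)>", re.I)

def record_route_uris(message):
    """Yield (scheme, host, params) for every URI in Record-Route header fields."""
    for line in message.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "record-route":
            for m in URI_RE.finditer(value):
                yield m.group(1).lower(), m.group(2).strip("[]"), m.group(3).lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(host, cert_names):
    """Case-insensitive DNS name match; '*.' covers exactly one left-most label."""
    host = host.lower()
    for n in (c.lower() for c in cert_names):
        if n == host or (n.startswith("*.") and host.split(".", 1)[-1] == n[2:]):
            return True
    return False

def tls_hops_failing_verification(message, cert_dns_names, cert_ip_sans=()):
    """Return Record-Route hosts reached over TLS that the certificate does not cover."""
    failing = []
    for scheme, host, params in record_route_uris(message):
        if scheme != "sips" and "transport=tls" not in params:
            continue  # hop is not reached over TLS, so no certificate check applies
        # An IP literal only verifies if the certificate carries it as an IP SAN.
        ok = host in cert_ip_sans if is_ip(host) else name_matches(host, cert_dns_names)
        if not ok:
            failing.append(host)
    return failing
```

An empty result means every TLS hop in the route set is named by the certificate; any IP literal in the result is a hop where a verifying client would reject the connection for in-dialog requests.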