Hello,

the path provided for ca_list seems wrong compared with the rest of the paths, do you have the two of them, one with kamailio and one with sip-router?

Cheers,
Daniel

On 12.04.18 14:33, Jignesh Gandhi wrote:

I want to enable certificate validation on the server. I am only using self-signed certs.

I have the same certificate/key in the client and server and want to only allow connection from clients with this cert/key.

I have turned on the following in tls.cfg and done all the steps required in kamailio.cfg file.

[server:default]

method = TLSv1

verify_certificate = yes

require_certificate = yes

private_key = /usr/local/etc/kamailio/selfsigned.key

certificate = /usr/local/etc/kamailio/selfsigned.pem

ca_list = /usr/local/etc/sip-router/cacert.pem

[client:default]

verify_certificate = yes

require_certificate = yes

Any help is appreciated.

Thanks,

--Jignesh
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com