Hello list,
I have tried to set up my tls config with LetsEncrypt following this post:
https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/
My tls config looks like this:
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/sbc.example.net-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.example.net-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem
#ca_list = /usr/local/etc/kamailio/tls/cacert.pem
#crl = /usr/local/etc/kamailio/tls/crl.pem
server_name = sbc.example.net
server_id = sbc.example.net

#ca_list = /usr/local/etc/fullchain.pem
#ca_list = /usr/local/etc/kamailio/tls/cacert.pem
#crl = /usr/local/etc/kamailio/tls/crl.pem

# ---
# This is the default client domain profile.
# Settings in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present valid certificate.
#
[client:default]
#method = TLSv1.2+
verify_certificate = yes
require_certificate = yes

===================================
My ca_list has all certificates from
cat /etc/ssl/certs/ca-certificates.crt >> /etc/letsencrypt/live/sbcc.example.net/ca_list.pem
I keep getting certificate validation failed, see below:
Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6371]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6371]: ERROR: <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f0474421f68 r: 0x7f0474422028 (-1)
Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6370]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Jan 24 08:39:56 sbc.example.net /usr/local/sbin/kamailio[6370]: ERROR: <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f0474401cb8 r: 0x7f0474401d78 (-1)
=====================
What params should I change or where to look for a solution on this one?
Thanks.
Vitalie A. Bugaian.
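
Added example (not part of the original post and not Kamailio code): OpenSSL's tls_process_server_certificate runs on the client side of a handshake, so this Python check parses a tls.cfg-style file and lists the profiles that have verify_certificate = yes but no ca_list line of their own. Assumptions: a profile without a ca_list line gets no trust anchors from elsewhere (such as a module-level default), an unset verify_certificate means "no", SAMPLE_CFG is constructed from the profiles shown above, and the function names are hypothetical.

```python
import re

# Constructed sample mirroring the two profiles shown in the post.
SAMPLE_CFG = """\
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
ca_list = /etc/letsencrypt/live/sbc.example.net-0001/ca_list.pem
#crl = /usr/local/etc/kamailio/tls/crl.pem

[client:default]
#method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
"""

# Section headers look like [server:default] or [client:default].
SECTION = re.compile(r"^\[(server|client):([^\]]+)\]$")


def parse_profiles(text):
    """Return {(role, address): {key: value}} for each [role:address] section."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        match = SECTION.match(line)
        if match:
            current = profiles.setdefault((match.group(1), match.group(2)), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return profiles


def profiles_verifying_without_ca_list(text):
    """List profiles that verify the peer but name no ca_list in this file."""
    findings = []
    for (role, addr), opts in parse_profiles(text).items():
        # Assumption: an unset verify_certificate is treated as "no".
        verifies = opts.get("verify_certificate", "no").lower() == "yes"
        if verifies and not opts.get("ca_list"):
            findings.append(f"{role}:{addr}")
    return findings


if __name__ == "__main__":
    for name in profiles_verifying_without_ca_list(SAMPLE_CFG):
        print(f"{name}: verify_certificate = yes but no ca_list in this profile")
```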