30 Aug
2015
30 Aug
'15
2:50 p.m.
Any way of specifiying all popular certification centers it default calist?
Shouldn't it use those which already exist in the system? (/etc/ssl/...)
2015-08-29 20:54 GMT+03:00 Ding Ma <mading087(a)gmail.com>om>:
When your server contacts the public server, your
server acts as a tls
client. So you may need to copy the server section settings (at least the
calist) into the client section of tls.cfg.
Sent from my iPhone
On Aug 28, 2015, at 12:01 PM, Alexandru Covalschi <568691(a)gmail.com>
wrote:
Hello!
I'm having problems with Kamailio configuration with TLS. Or, maybe,
that's my misunderstanding about how it should work.
So, the issue - inbound TLS works just great, I can call everyone in my
domain. I have PositiveSSL certificate, so I have such files:
calist.crt AddTrustExternalCARoot.crt + COMODORSAAddTrustCA.crt +
COMODORSADomainValidationSecureServerCA.crt divided by \n
server.key - key
server.crt - cert
The configuration of tls.cfg
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/ssl/sectel.io.ssl/sip/server.key
certificate = /etc/ssl/sectel.io.ssl/sip/server.crt
ca_list = /etc/ssl/sectel.io.ssl/sip/calist.crt
#crl = /etc/kamailio/crl.pem
(however with or without ca_list nothing changes)
[client:default]
verify_certificate = yes
require_certificate = yes
And with that configuration when I'm trying to call to ostel.co (public
SIP service supporting TLS) from my server I get such error:
ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Putting that in tls.cfg:
[client:default]
verify_certificate = no
require_certificate = no
Make everything work.
Cross-domain calling is essential and I'm just trying to figure out -
what's the problem? Is that my certificate, is that ostel.co certificate
or it is just the way it should be?
Thanks!
--
Alexandru Covalschi
ABRISS-Solutions
VoIP engineer and system administrator
phone: +37367398493
web: http://abs-telecom.com/
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Alexandru Covalschi
ABRISS-Solutions
VoIP engineer and system administrator
phone: +37367398493
web: http://abs-telecom.com/