Re: [SR-Users] Kamailio TLS configuration

On Aug 28, 2015, at 12:01 PM, Alexandru Covalschi <568691(a)gmail.com> wrote: Hello! I'm having problems with Kamailio configuration with TLS. Or, maybe, that's my misunderstanding about how it should work. So, the issue - inbound TLS works just great, I can call everyone in my domain. I have PositiveSSL certificate, so I have such files: calist.crt AddTrustExternalCARoot.crt + COMODORSAAddTrustCA.crt + COMODORSADomainValidationSecureServerCA.crt divided by \n server.key - key server.crt - cert The configuration of tls.cfg [server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = /etc/ssl/sectel.io.ssl/sip/server.key certificate = /etc/ssl/sectel.io.ssl/sip/server.crt ca_list = /etc/ssl/sectel.io.ssl/sip/calist.crt #crl = /etc/kamailio/crl.pem (however with or without ca_list nothing changes) [client:default] verify_certificate = yes require_certificate = yes And with that configuration when I'm trying to call to ostel.co (public SIP service supporting TLS) from my server I get such error: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Putting that in tls.cfg: [client:default] verify_certificate = no require_certificate = no Make everything work. Cross-domain calling is essential and I'm just trying to figure out - what's the problem? Is that my certificate, is that ostel.co certificate or it is just the way it should be? Thanks! -- Alexandru Covalschi ABRISS-Solutions VoIP engineer and system administrator phone: +37367398493 web: http://abs-telecom.com/ _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users