Hello,

On 25/10/15 13:10, Vladimer Gabunia wrote:

hello all.

we compiled kamailio with TLS Support. but have next problem when using CRL Lits.

Our Certificate issuing scheme is follow:

Offline Root CA -> Enterprise SubCA -> Server and Phone Certificate

CRL list is signed by SubCA.

option "require client certificate is enables (1) "

When we enable CRL list, phones are not registered.

CA file is offline RootCA certificate in pem format.

We think that the reason is that СRL was signed by Subca or incorrect CRL format.

CRL is converted from MS CRL to PEM. (What is the format for the CRL)

maybe someone have experiance with similar scenarios?

the readme file of the tls module has some documentation about crl:

http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.crl

You can also try to run with debug=3 in kmailio.cfg and see more debug messages about what happens internally.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat