Re: [SR-Users] Kamailiio TLS and Let'sEncrypt certs

29 Mar 2020, в 11:36, Igor Olhovskiy &lt;igorolhovskiy(a)gmail.com <mailto:igorolhovskiy@gmail.com>> написал(а): Hi! Actually I’m trying to get Kamailio to work as MS Teams SBC following by perfect article https://skalatan.de/en/blog/kamailio-sbc-teams It works well, but one thing is bothering me. I’m using Let’sEncrypt certs (actually, works well), but with setting in *tls.conf* verify_certificate = yes require_certificate = yes It’s giving an errors like /usr/sbin/kamailio[4551]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed /usr/sbin/kamailio[4551]: ERROR: <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f03e6d23d88 r: 0x7f03e6d23e08 (-1) They are resolved with setting these settings (verify/require) to off (actually, as mentioned here - https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/), but I’m really curious - why? As I got, it’s using *openssl verify* on a background, but this check locally passed with openssl verify -CAfile issuer.crt myserver.crt myserver.crt: OK So, is there any tricks to lets encrypt or just some misconfig in *tls.cfg*? Now it looks like one from article [server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/kamailio/tls/myserver.key certificate = /etc/kamailio/tls/myserver.crt ca_list = /etc/kamailio/tls/issuer.crt [client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /etc/kamailio/tls/myserver.key certificate = /etc/kamailio/tls/myserver.crt ca_list = /etc/kamailio/tls/issuer.crt — Regards, Igor _______________________________________________ Kamailio (SER) - Users Mailing List sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users