Hello,
you trimmed the output, but I guess that the connection stayed open and no errors were printed in the Kamailio logs.
That means Kamailio is doing OK. If the web browser has issues connecting over TLS, then the problem is somewhere else. Check the logs/console of the browser to see if you get any hints there.
You can also list the TCP/TLS connections via RPC and see if the connection you expect is there.
Cheers, Daniel
On 20.05.20 10:30, Chirag Desai wrote:
Hi Daniel,
This is the result:
openssl s_client -connect sip.mydomain.com:5061 -tlsextdebug
CONNECTED(00000005)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04 ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 3b 06 9a e5-21 16 73 b1 db 04 55 47 ... ;. ..!.s...UG
0010 - 33 5a e0 98 af bf ba 3e-e6 0d 69 40 38 f8 c8 0b 3Z.... .>..i@8...
0020 - ed 79 f2 48 .y.H
TLS server extension "server name" (id=0), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = sip.mydomain.com
verify return:1
Certificate chain
 0 s:CN = sip.mydomain.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
Server certificate
-----BEGIN CERTIFICATE-----
[REDACTED]
-----END CERTIFICATE-----
subject=CN = sip.mydomain.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
SSL handshake has read 3115 bytes and written 400 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
read:errno=0