Am 09.09.2010 12:00, schrieb peter_green lion:
Date: Thu, 9 Sep 2010 11:13:19 +0200 From: klaus.mailinglists@pernau.at To: betergreen@live.com CC: sr-users@lists.sip-router.org Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
Am 09.09.2010 10:17, schrieb peter_green lion:
hi all, i have configure tls support as this link: http://www.kamailio.org/docs/tls-devel.html#id2451496 and i add certificate to 3CX sip phone is "cacert.pem" but when i register sip phone, the log file in kamailio server is :
Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls [tls_server.c:392]: SSL error:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
I think the means that the SIP phone sends the ALERT because the it does not accept the certificate of the server. So you h ave to debug why the SIP phone does not accept the certificate.
You really should test with another SIP client first.
regards Klaus
my configure in kamailio.cfg as :
modparam("tls", "tls_method", "TLSv1") modparam("tls", "tls_method", "SSLv23") modparam("tls", "certificate", "/usr/local/etc/kamailio//tls/user/user-cert.pem") modparam("tls", "private_key", "/usr/local/etc/kamailio//tls/user/user-privkey.pem") modparam("tls", "ca_list", "/usr/local/etc/kamailio//tls/user/user-calist.pem") modparam("tls", "verify_certificate",0 ) modparam("tls", "require_certificate",0 )
please suggest to fix this error. thanks and regards. Peter Green.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
hi Klaus, i add certificate to internet explorer, but it fail: when i view this certificate i see that error:
"this certificate has expired or is not yet valid"
is mean this certificate is wrong ?
Yes. It is either expired or not yet valid!
so how do i make it correct ?
Hope this ends this endless conversation
http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
regards klaus