Hi Julien,

Thanks for this hint. The cert part is a bit off topic, but security should be enforced :)

There are many ways to get a Let's Encrypt certificate; I prefer the Go lego tool:

docker run -v "$(pwd)/.lego:/.lego" goacme/lego -d fqdn --email your@email -a --tls --pem run

The saved stuff is in the .lego folder.

Cheers 
Karsten Horsmann 


Julien Chavanton <jchavanton@gmail.com> wrote on Thu, 19 Dec 2019, 17:08:
Hi, I guess I was the one stretching it :)

If you need to generate a cert, check EFF's Let's Encrypt; here is one example of getting a cert with HTTP validation:

#!/bin/bash
# Usage: <script> <domain> [copy]
# Temporarily open port 80 for the HTTP validation challenge.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo docker run -it --rm --name certbot \
        --net=host \
        -v "/etc/letsencrypt:/etc/letsencrypt" \
        -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
        certbot/certbot certonly --eff-email --agree-tos -m use@domain.com --standalone --preferred-challenges http -d "$1"
# Close port 80 again once certbot has finished.
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
# Optionally copy the certificate chain and private key into the tls/ directory.
if [ "$2" == "copy" ]
then
        cp "/etc/letsencrypt/live/$1/fullchain.pem" tls/certificate.pem
        cp "/etc/letsencrypt/live/$1/privkey.pem" tls/key.pem
fi
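
A pre-flight check for the tls/certificate.pem and tls/key.pem files that the script above copies and that voip_patrol loads, added here as an illustration; it is not part of the thread or of voip_patrol. It uses the openssl CLI to confirm that both files parse, that the key belongs to the certificate, and that the certificate is not about to expire; the function names, return codes and 7-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM pair a TLS test client loads
# (tls/certificate.pem and tls/key.pem). Return codes are this example's own.

# check_tls_pair CERT KEY [MIN_DAYS] -> 0 ok, 2 unreadable, 3 unparsable,
# 4 key/cert mismatch, 5 certificate expires within MIN_DAYS (default 7).
check_tls_pair() {
    cert=$1; key=$2; min_days=${3:-7}
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "unreadable: $f"; return 2; }
    done
    # Extract the public key from each side; a parse failure is reported
    # here instead of surfacing later as a TLS context error in the client.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert"; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "not a PEM private key: $key"; return 3; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not belong to certificate"; return 4; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days"; return 5; }
    echo "ok: $cert"
}

# Constructed sample input: a throwaway self-signed pair valid for DAYS days.
make_sample_pair() {  # make_sample_pair PREFIX DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=ep.domain.com" \
        -days "$2" -keyout "$1.key.pem" -out "$1.cert.pem" 2>/dev/null
}

# Run this file with the argument "demo", or pass CERT KEY to check real files.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
    make_sample_pair "$tmp/a" 30; make_sample_pair "$tmp/b" 30
    check_tls_pair "$tmp/a.cert.pem" "$tmp/a.key.pem"          # matching pair
    check_tls_pair "$tmp/a.cert.pem" "$tmp/b.key.pem" || true   # swapped key
elif [ $# -ge 2 ]; then
    check_tls_pair "$@"
fi
```

When the certificate file is a full chain, openssl x509 reads only the first certificate in it, so the check applies to the leaf certificate.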


On Thu, Dec 19, 2019 at 6:20 AM Sebastian Damm <damm@sipgate.de> wrote:
Hi Julien,

I had been thinking quite a while before posting it here, and maybe I
shouldn't have mentioned the sipp SSL error. But I thought, end2end
testing of kamailio setups could be of general interest from a
Kamailio user point of view. And I hoped to get suggestions on how to
do it.

Thanks for the link to voip_patrol. I'm already playing with it. Still
stuck with needing a client certificate, though. I shouldn't need that
for a client, I'd think. But I'll try my best.

Regards,
Sebastian

On Wed, Dec 18, 2019 at 7:31 PM Julien Chavanton <jchavanton@gmail.com> wrote:
>
> Hi Sebastian, this is off topic for the Kamailio mailing list.
>
> You can use voip_patrol:
> https://github.com/jchavanton/voip_patrol
>
> Once you have your certificate, key and ca_list in the default location:
> ./voip_patrol -c ./xml/tls.xml
>
> [18:24:51.800][INFO] main: TLS tcfg.tlsConfig.ca_list      :tls/ca_list.pem
> [18:24:51.800][INFO] main: TLS tcfg.tlsConfig.certFile     :tls/certificate.pem
> [18:24:51.800][INFO] main: TLS tcfg.tlsConfig.privKeyFile  :tls/key.pem
>
> tls.xml
>
> <?xml version="1.0"?>
> <config>
>     <actions>
>         <action type="register" transport="tls" expected_cause_code="200" username="VP_ENV_USERNAME" password="VP_ENV_PASSWORD" realm="domain.com" registrar="ep.domain.com"/>
>         <action type="wait" complete/>
>         <action type="accept" account="VP_ENV_USERNAME" max_duration="20" hangup="5"/>
>         <action type="call"  transport="tls"
>             wait_until="3" expected_cause_code="200"
>             caller="12062349971@1.1.1.1" callee="12012343238@ep.domain.com" max_duration="15" hangup="5"
>             username="VP_ENV_USERNAME" password="VP_ENV_PASSWORD" realm="domain.com"
>         />
>         <action type="wait" complete/>
>     </actions>
> </config>
>
> On Wed, Dec 18, 2019 at 8:34 AM Sebastian Damm <damm@sipgate.de> wrote:
>>
>> Hi,
>>
>> I'm trying to construct an end-to-end encrypted signalling test
>> through our setup. I thought I could use sipp for that, as it supports
>> TLS according to the man page. However, when I try to run it, I get
>> this error:
>>
>> FI_init_ssl_context: SSL_CTX_use_certificate_file failed.
>>
>> I searched the web; however, all similar questions end up without
>> answers. I tried specifying a local key and cert without success. I'd
>> think I should not need a cert for my client, though.
>>
>> Has anyone ever successfully conducted an automated TLS test? I'm open
>> to using a different tool if necessary.
>>
>> Thanks for all hints or examples.
>>
>> Regards,
>> Sebastian
>>
>> --
>> Sebastian Damm
>> Voice Engineer
>> __________________________________________
>> sipgate GmbH
>> Gladbacher Straße 74 | 40219 Düsseldorf
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



--
Sebastian Damm
Voice Engineer
