On Tue, Mar 18, 2014 at 3:12 PM, Rene Montilva <renemontilva@gmail.com> wrote:
[server:192.168.1.1:5061]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/key.pem
certificate = /etc/kamailio/cert.pem

[client:default]
verify_certificate = no
require_certificate = no


But when a reload kamailio

i get the follow error:

Mar 18 16:36:50 softswitch /usr/sbin/kamailio[23330]: ERROR: tls [tls_domain.c:906]: load_private_key(): TLSs<default>: Unable to load private key file '/etc/kamailio/cert.pem'


Why try to find '/etc/kamailio/cert.pem' for a private key??

I'm not an expert, but I tested it out and from what I can tell you need a [server:default] section before you can have an IP-specific section. So you can either put your options into default, or at least define a default before creating [server:192.168.1.1:5061].

Also as a side note, I would recommend you support TLSv1. SSLv2 has some significant security issues and should be avoided.

Corey




On Tue, Mar 18, 2014 at 3:12 PM, Rene Montilva <renemontilva@gmail.com> wrote:
Hi List

i'm trying config sip with tls module, my config for module in kamailio.cfg is this:


#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/etc/kamailio/tls.cfg")
#!endif


in tls.cfg is this:

[server:192.168.1.1:5061]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/key.pem
certificate = /etc/kamailio/cert.pem

[client:default]
verify_certificate = no
require_certificate = no


But when a reload kamailio

i get the follow error:

Mar 18 16:36:50 softswitch /usr/sbin/kamailio[23330]: ERROR: tls [tls_domain.c:906]: load_private_key(): TLSs<default>: Unable to load private key file '/etc/kamailio/cert.pem'


Why try to find '/etc/kamailio/cert.pem' for a private key??



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users