Sorry, Daniel
Seems it my mistake in configuration.

All works as expected.


25 окт. 2016 г. 9:51 AM пользователь "Sergey Basov" <sergey.v.basov@gmail.com> написал:
Hi Daniel,

In attachment part of the log with debug=3 after kamailio starts and
when it is accepting connection to 10.1.23.23 and 10.1.23.33 port 5061

If you need more info I will try to provide it

kamailio v 4.4.3 on rhel 7 x86_64

Thank you.
--
Best regards,
Sergey Basov                     e-mail: sergey.v.basov@gmail.com



2016-10-25 9:29 GMT+03:00 Daniel-Constantin Mierla <miconda@gmail.com>:
> Hello,
>
> can you run with debug=3 in kamailio.cfg and see if you can spot
> anything relevant at startup, when the tls module is initialized and
> loads the certificates?
>
> Cheers,
> Daniel
>
>
> On 25/10/16 03:29, Sergey Basov wrote:
>> Hi All
>>
>> I have some strange behavior of kamailio with TLS.
>>
>> I have configured second IP addres on server, added it to tls
>> listener, and tls.cfg file.
>>
>> But when I try to connect using
>>
>> openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state
>> and
>> openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
>>
>> I see same certificates (sip2 my config samples are bellow)
>>
>> if I make changes in port number (for ip 10.1.23.33 set port 5091 in
>> both config parts) - I see correct certificates.
>>
>> Does anyone have this problem?
>>
>> Thanks in advance.
>>
>> ----- listen section ----
>>
>> listen=tls:10.1.23.23:5061
>> listen=tls:10.1.23.33:5061
>>
>> ----- tls.cfg ------
>>
>> [server:default]
>> method = TLSv1+
>> verify_certificate = no
>> require_certificate = no
>> private_key = /etc/kamailio/keys/sip1.key
>> certificate = /etc/kamailio/keys/sip1.crt
>>
>> [server:10.1.23.33:5061]
>> method = TLSv1+
>> verify_certificate = no
>> require_certificate = no
>> private_key = /etc/kamailio/keys/sip1.key
>> certificate = /etc/kamailio/keys/sip1.crt
>>
>> [server:10.1.23.23:5061]
>> method = TLSv1+
>> verify_certificate = no
>> require_certificate = no
>> private_key = /etc/kamailio/keys/sip2.key
>> certificate = /etc/kamailio/keys/sip2.crt
>>
>> --
>> Best regards,
>> Sergey Basov                     e-mail: sergey.v.basov@gmail.com
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users@lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users