9 Sep
2010
9 Sep
'10
6 a.m.
Date: Thu, 9 Sep 2010 11:13:19 +0200
From: klaus.mailinglists(a)pernau.at
To: betergreen(a)live.com
CC: sr-users(a)lists.sip-router.org
Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
Am 09.09.2010 10:17, schrieb peter_green lion:
hi Klaus,
i add certificate to internet explorer, but it fail:
when i view this certificate i see that error:
"this certificate has expired or is not yet valid"
is mean this certificate is wrong ?
so how do i make it correct ?
thanks and regards,
Peter Green.
hi all,
i have configure tls support as this link:
http://www.kamailio.org/docs/tls-devel.html#id2451496
and i add certificate to 3CX sip phone is "cacert.pem" but when i
register sip phone, the log file in kamailio server is :
Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls
[tls_server.c:392]: SSL error:error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate
I think the means that the SIP phone sends the ALERT because the it does
not accept the certificate of the server. So you have to debug why the
SIP phone does not accept the certificate.
You really should test with another SIP client first.
regards
Klaus
>
> my configure in kamailio.cfg as :
>
> modparam("tls", "tls_method", "TLSv1")
> modparam("tls", "tls_method", "SSLv23")
> modparam("tls", "certificate",
> "/usr/local/etc/kamailio//tls/user/user-cert.pem")
> modparam("tls", "private_key",
> "/usr/local/etc/kamailio//tls/user/user-privkey.pem")
> modparam("tls", "ca_list",
> "/usr/local/etc/kamailio//tls/user/user-calist.pem")
> modparam("tls", "verify_certificate",0 )
> modparam("tls", "require_certificate",0 )
>
>
> please suggest to fix this error.
> thanks and regards.
> Peter Green.
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users(a)lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users