Hi All
I have some strange behavior of kamailio with TLS.
I have configured second IP addres on server, added it to tls listener, and tls.cfg file.
But when I try to connect using
openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state and openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
I see same certificates (sip2 my config samples are bellow)
if I make changes in port number (for ip 10.1.23.33 set port 5091 in both config parts) - I see correct certificates.
Does anyone have this problem?
Thanks in advance.
----- listen section ----
listen=tls:10.1.23.23:5061 listen=tls:10.1.23.33:5061
----- tls.cfg ------
[server:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.33:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.23:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip2.key certificate = /etc/kamailio/keys/sip2.crt
-- Best regards, Sergey Basov e-mail: sergey.v.basov@gmail.com
Hello,
can you run with debug=3 in kamailio.cfg and see if you can spot anything relevant at startup, when the tls module is initialized and loads the certificates?
Cheers, Daniel
On 25/10/16 03:29, Sergey Basov wrote:
Hi All
I have some strange behavior of kamailio with TLS.
I have configured second IP addres on server, added it to tls listener, and tls.cfg file.
But when I try to connect using
openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state and openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
I see same certificates (sip2 my config samples are bellow)
if I make changes in port number (for ip 10.1.23.33 set port 5091 in both config parts) - I see correct certificates.
Does anyone have this problem?
Thanks in advance.
----- listen section ----
listen=tls:10.1.23.23:5061 listen=tls:10.1.23.33:5061
----- tls.cfg ------
[server:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.33:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.23:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip2.key certificate = /etc/kamailio/keys/sip2.crt
-- Best regards, Sergey Basov e-mail: sergey.v.basov@gmail.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Daniel,
In attachment part of the log with debug=3 after kamailio starts and when it is accepting connection to 10.1.23.23 and 10.1.23.33 port 5061
If you need more info I will try to provide it
kamailio v 4.4.3 on rhel 7 x86_64
Thank you. -- Best regards, Sergey Basov e-mail: sergey.v.basov@gmail.com
2016-10-25 9:29 GMT+03:00 Daniel-Constantin Mierla miconda@gmail.com:
Hello,
can you run with debug=3 in kamailio.cfg and see if you can spot anything relevant at startup, when the tls module is initialized and loads the certificates?
Cheers, Daniel
On 25/10/16 03:29, Sergey Basov wrote:
Hi All
I have some strange behavior of kamailio with TLS.
I have configured second IP addres on server, added it to tls listener, and tls.cfg file.
But when I try to connect using
openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state and openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
I see same certificates (sip2 my config samples are bellow)
if I make changes in port number (for ip 10.1.23.33 set port 5091 in both config parts) - I see correct certificates.
Does anyone have this problem?
Thanks in advance.
----- listen section ----
listen=tls:10.1.23.23:5061 listen=tls:10.1.23.33:5061
----- tls.cfg ------
[server:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.33:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.23:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip2.key certificate = /etc/kamailio/keys/sip2.crt
-- Best regards, Sergey Basov e-mail: sergey.v.basov@gmail.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Sorry, Daniel Seems it my mistake in configuration.
All works as expected.
25 окт. 2016 г. 9:51 AM пользователь "Sergey Basov" < sergey.v.basov@gmail.com> написал:
Hi Daniel,
In attachment part of the log with debug=3 after kamailio starts and when it is accepting connection to 10.1.23.23 and 10.1.23.33 port 5061
If you need more info I will try to provide it
kamailio v 4.4.3 on rhel 7 x86_64
Thank you.
Best regards, Sergey Basov e-mail: sergey.v.basov@gmail.com
2016-10-25 9:29 GMT+03:00 Daniel-Constantin Mierla miconda@gmail.com:
Hello,
can you run with debug=3 in kamailio.cfg and see if you can spot anything relevant at startup, when the tls module is initialized and loads the certificates?
Cheers, Daniel
On 25/10/16 03:29, Sergey Basov wrote:
Hi All
I have some strange behavior of kamailio with TLS.
I have configured second IP addres on server, added it to tls listener, and tls.cfg file.
But when I try to connect using
openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state and openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
I see same certificates (sip2 my config samples are bellow)
if I make changes in port number (for ip 10.1.23.33 set port 5091 in both config parts) - I see correct certificates.
Does anyone have this problem?
Thanks in advance.
----- listen section ----
listen=tls:10.1.23.23:5061 listen=tls:10.1.23.33:5061
----- tls.cfg ------
[server:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.33:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip1.key certificate = /etc/kamailio/keys/sip1.crt
[server:10.1.23.23:5061] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/keys/sip2.key certificate = /etc/kamailio/keys/sip2.crt
-- Best regards, Sergey Basov e-mail: sergey.v.basov@gmail.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Oct 24-26, 2016 -
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Sergey Basov