Hi, I have a kamailio tls configuration which is working fine for calls & messages In the tls configuration i set these parameters to yes for the server and client
verify_certificate = yes require_certificate = yes
But when I use "kamctl fifo t_uac_dlg MESSAGE" to send a message I get the following errors, when verify_certificate & require_certificate are set to no the message is sent correctly. Can somebody please help me resolve this issue.
tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
<core> [tcp_read.c:1326]: tcp_read_req(): ERROR: tcp_read_req: error reading
tls [tls_server.c:1193]: tls_read_f(): TLS accept:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
<core> [tcp_read.c:1326]: tcp_read_req(): ERROR: tcp_read_req: error reading
Thanks
Ahmed
Hello,
have you configured the client section in tls.cfg. Perhaps kamailio is trying to connect to itself (looping) to send the request.
Cheers, Daniel
On 21/10/15 13:31, Ahmed Salem wrote:
Hi, I have a kamailio tls configuration which is working fine for calls & messages In the tls configuration i set these parameters to yes for the server and client
verify_certificate = yes require_certificate = yes
But when I use "kamctl fifo t_uac_dlg MESSAGE" to send a message I get the following errors, when verify_certificate & require_certificate are set to no the message is sent correctly. Can somebody please help me resolve this issue.
tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
<core> [tcp_read.c:1326]: tcp_read_req(): ERROR: tcp_read_req: error reading
tls [tls_server.c:1193]: tls_read_f(): TLS accept:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
<core> [tcp_read.c:1326]: tcp_read_req(): ERROR: tcp_read_req: error reading
Thanks
Ahmed
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi,
Yes I did.
[client:default]
verify_certificate = yes
require_certificate = yes
Do I have to add anything more?
Thanks
Ahmed
On Fri, Oct 23, 2015 at 3:12 PM, Daniel-Constantin Mierla <miconda@gmail.com
wrote:
Hello,
have you configured the client section in tls.cfg. Perhaps kamailio is trying to connect to itself (looping) to send the request.
Cheers, Daniel
On 21/10/15 13:31, Ahmed Salem wrote:
Hi, I have a kamailio tls configuration which is working fine for calls & messages In the tls configuration i set these parameters to yes for the server and client
verify_certificate = yes require_certificate = yes
But when I use "kamctl fifo t_uac_dlg MESSAGE" to send a message I get the following errors, when verify_certificate & require_certificate are set to no the message is sent correctly. Can somebody please help me resolve this issue.
tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
<core> [tcp_read.c:1326]: tcp_read_req(): ERROR: tcp_read_req: error reading
tls [tls_server.c:1193]: tls_read_f(): TLS accept:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
<core> [tcp_read.c:1326]: tcp_read_req(): ERROR: tcp_read_req: error reading
Thanks
Ahmed
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
On 24/10/15 15:16, Ahmed Salem wrote:
Hi,
Yes I did.
[client:default]
verify_certificate = yes
require_certificate = yes
Do I have to add anything more?
you have to set the certificate and private key that have to be used when acting as client.
Cheers, Daniel
Hi , I added the certificate and the private key but it didn't work. When I created my certificate I added a passphrase does it matter?
Thanks Ahmed
On Mon, Oct 26, 2015 at 10:01 AM, Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello,
On 24/10/15 15:16, Ahmed Salem wrote:
Hi,
Yes I did.
[client:default]
verify_certificate = yes
require_certificate = yes
Do I have to add anything more?
you have to set the certificate and private key that have to be used when acting as client.
Cheers, Daniel
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat
Hello,
you need certificate/key without password, because kamailio cannot enter it to load the files.
Cheers, Daniel
On 02/11/15 09:55, Ahmed Salem wrote:
Hi , I added the certificate and the private key but it didn't work. When I created my certificate I added a passphrase does it matter?
Thanks Ahmed
On Mon, Oct 26, 2015 at 10:01 AM, Daniel-Constantin Mierla <miconda@gmail.com mailto:miconda@gmail.com> wrote:
Hello, On 24/10/15 15:16, Ahmed Salem wrote: > Hi, > > Yes I did. > > [client:default] > > verify_certificate = yes > > require_certificate = yes > > Do I have to add anything more? > > you have to set the certificate and private key that have to be used when acting as client. Cheers, Daniel -- Daniel-Constantin Mierla http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat
-
Ahmed Salem -
Daniel-Constantin Mierla