Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr https://pastebin.com/Veu8z9Pr*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
1. mkdir -p /usr/local/etc/kamailio/certs 2. cd /usr/local/etc/kamailio/certs 3. chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr https://pastebin.com/Veu8z9Pr*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Are you using the user or group flags when starting Kamailio?
kamailio -u kamailio -g kamailio -m 64 -M 16
Kaufman Senior Voice Engineer
E: bkaufman@bcmone.com 24/7 support: 888.543.2000
[img]
SIP.UShttps://sip.us Client Support: 800.566.9810
SIPTRUNKhttps://siptrunk.com Client Support: 800.250.6510
Flowroutehttps://flowroute.com Client Support: 855.356.9768
________________________________ From: Chandramouli P via sr-users sr-users@lists.kamailio.org Sent: Wednesday, October 22, 2025 9:49 AM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: Chandramouli P moulicto@gmail.com Subject: [SR-Users] Re: Unable to start Kamailio with TLS configuration
CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
1. mkdir -p /usr/local/etc/kamailio/certs 2. cd /usr/local/etc/kamailio/certs 3. chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote: Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
https://pastebin.com/Veu8z9Prhttps://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060
tcp: 10.122.0.4:5060
tls: 10.122.0.4:5061
Aliases:
tls: rtpengine:5061
tcp: rtpengine:5060
udp: rtpengine:5060
*: 10.122.0.4:*
Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users < sr-users@lists.kamailio.org> wrote:
Are you using the user or group flags when starting Kamailio?
kamailio *-u kamailio -g kamailio* -m 64 -M 16
*Kaufman*
*Senior Voice Engineer *
E: bkaufman@bcmone.com 24/7 support: 888.543.2000
[image: img]
SIP.US https://sip.us Client Support: 800.566.9810
SIPTRUNK https://siptrunk.com Client Support: 800.250.6510
Flowroute https://flowroute.com Client Support: 855.356.9768
*From:* Chandramouli P via sr-users sr-users@lists.kamailio.org *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* Chandramouli P moulicto@gmail.com *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration
*CAUTION:* This email originated from outside the organization. *Do not click links or open attachments* unless you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
- mkdir -p /usr/local/etc/kamailio/certs
- cd /usr/local/etc/kamailio/certs
- chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory?
R
On 22/10/2025 16:48, Chandramouli P via sr-users wrote:
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060 http://10.122.0.4:5060
tcp: 10.122.0.4:5060 http://10.122.0.4:5060
tls: 10.122.0.4:5061 http://10.122.0.4:5061
Aliases:
tls: rtpengine:5061
tcp: rtpengine:5060
udp: rtpengine:5060
*: 10.122.0.4:*
Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users sr-users@lists.kamailio.org wrote:
Are you using the user or group flags when starting Kamailio? kamailio *-u kamailio -g kamailio* -m 64 -M 16 *Kaufman*** /Senior Voice Engineer / E: bkaufman@bcmone.com 24/7 support: 888.543.2000 img SIP.US <https://sip.us> Client Support: 800.566.9810 SIPTRUNK <https://siptrunk.com> Client Support: 800.250.6510 Flowroute <https://flowroute.com> Client Support: 855.356.9768 ** ------------------------------------------------------------------------ *From:* Chandramouli P via sr-users <sr-users@lists.kamailio.org> *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> *Cc:* Chandramouli P <moulicto@gmail.com> *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration *CAUTION:* This email originated from outside the organization. _Do not click links or open attachments_ unless you recognize the sender and know the content is safe. Hello Richard, Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory. 1. mkdir -p /usr/local/etc/kamailio/certs 2. cd /usr/local/etc/kamailio/certs 3. chmod 700 /usr/local/etc/kamailio/certs [root@rtpengine kamailio]# pwd /usr/local/etc/kamailio [root@rtpengine kamailio]# [root@rtpengine kamailio]# ls -ll drwx------ 2 root root 150 Oct 22 17:48 certs [root@rtpengine kamailio]# ls -ll certs/ -rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem -rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl -rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem -rw-r--r-- 1 root root0 Oct 22 17:48 crl.pem -rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem -rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem -rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem Please advise me, is there any other part that I missed? Thank you in advance. Best Regards, Chandramouli. On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users <sr-users@lists.kamailio.org> wrote: from the error it looks like a permissions problem probably the 700 on the directory Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown) regards, Richard On 22/10/2025 14:14, Chandramouli P via sr-users wrote:Hello, Please find my server environment below: Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4 I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link: *https://pastebin.com/Veu8z9Pr <https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>* Any help would be appreciated and thanks in advance. Best Regards, Chandramouli. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Hello Richard,
Thank you for your reply. Yes. You are correct. But, eventhough, I am logged in as root, Kamailio is starting and functioning well with TCP and UDP. Please advise me the next steps to troubleshoot. Thank you.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory?
R On 22/10/2025 16:48, Chandramouli P via sr-users wrote:
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060 tcp: 10.122.0.4:5060 tls: 10.122.0.4:5061Aliases:
tls: rtpengine:5061 tcp: rtpengine:5060 udp: rtpengine:5060 *: 10.122.0.4:*Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users < sr-users@lists.kamailio.org> wrote:
Are you using the user or group flags when starting Kamailio?
kamailio *-u kamailio -g kamailio* -m 64 -M 16
*Kaufman*
*Senior Voice Engineer *
E: bkaufman@bcmone.com 24/7 support: 888.543.2000
[image: img]
SIP.US https://sip.us Client Support: 800.566.9810
SIPTRUNK https://siptrunk.com Client Support: 800.250.6510
Flowroute https://flowroute.com Client Support: 855.356.9768
*From:* Chandramouli P via sr-users sr-users@lists.kamailio.org *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* Chandramouli P moulicto@gmail.com *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration
*CAUTION:* This email originated from outside the organization. *Do not click links or open attachments* unless you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
- mkdir -p /usr/local/etc/kamailio/certs
- cd /usr/local/etc/kamailio/certs
- chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
the error states that it cannot read the Cert files due to permission issues. that is what is stopping it loading and the certificates are only for tls. which is why it would load with only udo and tcp.
I would change the permissions on the cert directory for a start and see if that fixes it. make them permissable and step by step remove the psemissions, even put the files somewhere where the world can read them and test again. once the files are able to be read the instance should start.
R
On 22/10/2025 19:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. Yes. You are correct. But, eventhough, I am logged in as root, Kamailio is starting and functioning well with TCP and UDP. Please advise me the next steps to troubleshoot. Thank you.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users sr-users@lists.kamailio.org wrote:
It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory? R On 22/10/2025 16:48, Chandramouli P via sr-users wrote:Hello Ben, Thank you for your reply. When I was installing Kamailio, I followed this: groupadd -g 5000 kamailio useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio I am simply starting Kamailio like: systemctl start kamailio.service Please find the below output for the command that you shared with me: # kamailio -u kamailio -g kamailio -m 64 -M 16 Listening on udp: 10.122.0.4:5060 <http://10.122.0.4:5060> tcp: 10.122.0.4:5060 <http://10.122.0.4:5060> tls: 10.122.0.4:5061 <http://10.122.0.4:5061> Aliases: tls: rtpengine:5061 tcp: rtpengine:5060 udp: rtpengine:5060 *: 10.122.0.4:* Thank you. Best Regards, Chandramouli. On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users <sr-users@lists.kamailio.org> wrote: Are you using the user or group flags when starting Kamailio? kamailio *-u kamailio -g kamailio* -m 64 -M 16 *Kaufman*** /Senior Voice Engineer / E: bkaufman@bcmone.com 24/7 support: 888.543.2000 img SIP.US <https://sip.us> Client Support: 800.566.9810 SIPTRUNK <https://siptrunk.com> Client Support: 800.250.6510 Flowroute <https://flowroute.com> Client Support: 855.356.9768 ** ------------------------------------------------------------------------ *From:* Chandramouli P via sr-users <sr-users@lists.kamailio.org> *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> *Cc:* Chandramouli P <moulicto@gmail.com> *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration *CAUTION:* This email originated from outside the organization. _Do not click links or open attachments_ unless you recognize the sender and know the content is safe. Hello Richard, Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory. 1. mkdir -p /usr/local/etc/kamailio/certs 2. cd /usr/local/etc/kamailio/certs 3. chmod 700 /usr/local/etc/kamailio/certs [root@rtpengine kamailio]# pwd /usr/local/etc/kamailio [root@rtpengine kamailio]# [root@rtpengine kamailio]# ls -ll drwx------ 2 root root 150 Oct 22 17:48 certs [root@rtpengine kamailio]# ls -ll certs/ -rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem -rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl -rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem -rw-r--r-- 1 root root0 Oct 22 17:48 crl.pem -rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem -rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem -rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem Please advise me, is there any other part that I missed? Thank you in advance. Best Regards, Chandramouli. On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users <sr-users@lists.kamailio.org> wrote: from the error it looks like a permissions problem probably the 700 on the directory Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown) regards, Richard On 22/10/2025 14:14, Chandramouli P via sr-users wrote:Hello, Please find my server environment below: Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4 I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link: *https://pastebin.com/Veu8z9Pr <https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>* Any help would be appreciated and thanks in advance. Best Regards, Chandramouli. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Hello Richard,
Thank you for your reply. I resolved the permissions issue by giving chmod 644 certificates* command. Currently, what I am doing is, I am keeping the certificates in /tmp folder and giving 644 permission to the files and working fine. Here, /tmp directory permission is 1777 (drwxrwxrwt).
Now, I have created a new folder i.e. "certs" in /usr/local/etc/kamailio folder and given same permissions like chmod 1777 /usr/local/etc/kamailio/certs chmod 644 /usr/local/etc/kamailio/certs/certificates*
and It is not working. Any help would be appreciated and thank you in advance.
Best regards, Chandramouli.
On Wed, Oct 22, 2025 at 11:57 PM Richard Robson richard@rikrobson.co.uk wrote:
the error states that it cannot read the Cert files due to permission issues. that is what is stopping it loading and the certificates are only for tls. which is why it would load with only udo and tcp.
I would change the permissions on the cert directory for a start and see if that fixes it. make them permissable and step by step remove the psemissions, even put the files somewhere where the world can read them and test again. once the files are able to be read the instance should start.
R On 22/10/2025 19:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. Yes. You are correct. But, eventhough, I am logged in as root, Kamailio is starting and functioning well with TCP and UDP. Please advise me the next steps to troubleshoot. Thank you.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory?
R On 22/10/2025 16:48, Chandramouli P via sr-users wrote:
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060 tcp: 10.122.0.4:5060 tls: 10.122.0.4:5061Aliases:
tls: rtpengine:5061 tcp: rtpengine:5060 udp: rtpengine:5060 *: 10.122.0.4:*Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users < sr-users@lists.kamailio.org> wrote:
Are you using the user or group flags when starting Kamailio?
kamailio *-u kamailio -g kamailio* -m 64 -M 16
*Kaufman*
*Senior Voice Engineer *
E: bkaufman@bcmone.com 24/7 support: 888.543.2000
[image: img]
SIP.US https://sip.us Client Support: 800.566.9810
SIPTRUNK https://siptrunk.com Client Support: 800.250.6510
Flowroute https://flowroute.com Client Support: 855.356.9768
*From:* Chandramouli P via sr-users sr-users@lists.kamailio.org *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* Chandramouli P moulicto@gmail.com *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration
*CAUTION:* This email originated from outside the organization. *Do not click links or open attachments* unless you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
- mkdir -p /usr/local/etc/kamailio/certs
- cd /usr/local/etc/kamailio/certs
- chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
So what is the error in the logs now? I'm going to assume the certificates are the same in all cases. If its still a permisions issue it could be a directory lower down in the tree with more restrictive permission. it is hard to say without any logs.
R
On 03/11/2025 12:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. I resolved the permissions issue by giving chmod 644 certificates* command. Currently, what I am doing is, I am keeping the certificates in /tmp folder and giving 644 permission to the files and working fine. Here, /tmp directory permission is 1777 (drwxrwxrwt).
Now, I have created a new folder i.e. "certs" in /usr/local/etc/kamailio folder and given same permissions like chmod 1777 /usr/local/etc/kamailio/certs chmod 644 /usr/local/etc/kamailio/certs/certificates*
and It is not working. Any help would be appreciated and thank you in advance.
Best regards, Chandramouli.
On Wed, Oct 22, 2025 at 11:57 PM Richard Robson richard@rikrobson.co.uk wrote:
the error states that it cannot read the Cert files due to permission issues. that is what is stopping it loading and the certificates are only for tls. which is why it would load with only udo and tcp. I would change the permissions on the cert directory for a start and see if that fixes it. make them permissable and step by step remove the psemissions, even put the files somewhere where the world can read them and test again. once the files are able to be read the instance should start. R On 22/10/2025 19:07, Chandramouli P wrote:Hello Richard, Thank you for your reply. Yes. You are correct. But, eventhough, I am logged in as root, Kamailio is starting and functioning well with TCP and UDP. Please advise me the next steps to troubleshoot. Thank you. Best Regards, Chandramouli. On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users <sr-users@lists.kamailio.org> wrote: It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory? R On 22/10/2025 16:48, Chandramouli P via sr-users wrote:Hello Ben, Thank you for your reply. When I was installing Kamailio, I followed this: groupadd -g 5000 kamailio useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio I am simply starting Kamailio like: systemctl start kamailio.service Please find the below output for the command that you shared with me: # kamailio -u kamailio -g kamailio -m 64 -M 16 Listening on udp: 10.122.0.4:5060 <http://10.122.0.4:5060> tcp: 10.122.0.4:5060 <http://10.122.0.4:5060> tls: 10.122.0.4:5061 <http://10.122.0.4:5061> Aliases: tls: rtpengine:5061 tcp: rtpengine:5060 udp: rtpengine:5060 *: 10.122.0.4:* Thank you. Best Regards, Chandramouli. On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users <sr-users@lists.kamailio.org> wrote: Are you using the user or group flags when starting Kamailio? kamailio *-u kamailio -g kamailio* -m 64 -M 16 *Kaufman*** /Senior Voice Engineer / E: bkaufman@bcmone.com 24/7 support: 888.543.2000 img SIP.US <https://sip.us> Client Support: 800.566.9810 SIPTRUNK <https://siptrunk.com> Client Support: 800.250.6510 Flowroute <https://flowroute.com> Client Support: 855.356.9768 ** ------------------------------------------------------------------------ *From:* Chandramouli P via sr-users <sr-users@lists.kamailio.org> *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> *Cc:* Chandramouli P <moulicto@gmail.com> *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration *CAUTION:* This email originated from outside the organization. _Do not click links or open attachments_ unless you recognize the sender and know the content is safe. Hello Richard, Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory. 1. mkdir -p /usr/local/etc/kamailio/certs 2. cd /usr/local/etc/kamailio/certs 3. chmod 700 /usr/local/etc/kamailio/certs [root@rtpengine kamailio]# pwd /usr/local/etc/kamailio [root@rtpengine kamailio]# [root@rtpengine kamailio]# ls -ll drwx------ 2 root root 150 Oct 22 17:48 certs [root@rtpengine kamailio]# ls -ll certs/ -rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem -rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl -rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem -rw-r--r-- 1 root root0 Oct 22 17:48 crl.pem -rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem -rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem -rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem Please advise me, is there any other part that I missed? Thank you in advance. Best Regards, Chandramouli. On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users <sr-users@lists.kamailio.org> wrote: from the error it looks like a permissions problem probably the 700 on the directory Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown) regards, Richard On 22/10/2025 14:14, Chandramouli P via sr-users wrote:Hello, Please find my server environment below: Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4 I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link: *https://pastebin.com/Veu8z9Pr <https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>* Any help would be appreciated and thanks in advance. Best Regards, Chandramouli. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions --sr-users@lists.kamailio.org To unsubscribe send an email tosr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Hello Richard,
I put the SSL certificates in /etc folder and changed the permissions of files (chmod 644) and it worked fine. Thank you.
Best Regards, Chandramouli.
On Mon, Nov 3, 2025 at 10:19 PM Richard Robson richard@rikrobson.co.uk wrote:
So what is the error in the logs now? I'm going to assume the certificates are the same in all cases. If its still a permisions issue it could be a directory lower down in the tree with more restrictive permission. it is hard to say without any logs.
R On 03/11/2025 12:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. I resolved the permissions issue by giving chmod 644 certificates* command. Currently, what I am doing is, I am keeping the certificates in /tmp folder and giving 644 permission to the files and working fine. Here, /tmp directory permission is 1777 (drwxrwxrwt).
Now, I have created a new folder i.e. "certs" in /usr/local/etc/kamailio folder and given same permissions like chmod 1777 /usr/local/etc/kamailio/certs chmod 644 /usr/local/etc/kamailio/certs/certificates*
and It is not working. Any help would be appreciated and thank you in advance.
Best regards, Chandramouli.
On Wed, Oct 22, 2025 at 11:57 PM Richard Robson richard@rikrobson.co.uk wrote:
the error states that it cannot read the Cert files due to permission issues. that is what is stopping it loading and the certificates are only for tls. which is why it would load with only udo and tcp.
I would change the permissions on the cert directory for a start and see if that fixes it. make them permissable and step by step remove the psemissions, even put the files somewhere where the world can read them and test again. once the files are able to be read the instance should start.
R On 22/10/2025 19:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. Yes. You are correct. But, eventhough, I am logged in as root, Kamailio is starting and functioning well with TCP and UDP. Please advise me the next steps to troubleshoot. Thank you.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory?
R On 22/10/2025 16:48, Chandramouli P via sr-users wrote:
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060 tcp: 10.122.0.4:5060 tls: 10.122.0.4:5061Aliases:
tls: rtpengine:5061 tcp: rtpengine:5060 udp: rtpengine:5060 *: 10.122.0.4:*Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users < sr-users@lists.kamailio.org> wrote:
Are you using the user or group flags when starting Kamailio?
kamailio *-u kamailio -g kamailio* -m 64 -M 16
*Kaufman*
*Senior Voice Engineer *
E: bkaufman@bcmone.com 24/7 support: 888.543.2000
[image: img]
SIP.US https://sip.us Client Support: 800.566.9810
SIPTRUNK https://siptrunk.com Client Support: 800.250.6510
Flowroute https://flowroute.com Client Support: 855.356.9768
*From:* Chandramouli P via sr-users sr-users@lists.kamailio.org *Sent:* Wednesday, October 22, 2025 9:49 AM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* Chandramouli P moulicto@gmail.com *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS configuration
*CAUTION:* This email originated from outside the organization. *Do not click links or open attachments* unless you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
- mkdir -p /usr/local/etc/kamailio/certs
- cd /usr/local/etc/kamailio/certs
- chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$*
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
This was essentially the crux of my question. You'd have to look at the Kamailio unit file to see what options it sets. You might also be able to get the extrapolated command via service kamailio status. When using the -u and -g flags, I know that the process is initiated by root and then permissions are dropped to the user/group, but I don't know at one point they get dropped. I assume that the certificate and key have to be readable by the user/group. Note: Running as a lower privileged user is a GOOD thing.
Regards, Kaufman ________________________________ From: Richard Robson via sr-users sr-users@lists.kamailio.org Sent: Wednesday, October 22, 2025 11:55 AM To: Chandramouli P via sr-users sr-users@lists.kamailio.org Cc: Richard Robson richard@rikrobson.co.uk Subject: [SR-Users] Re: Unable to start Kamailio with TLS configuration
CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
It looks like tou have 700 for root user on th cert directory and are running kamailio as kamailio not route, which is correct, So can the kamailio user read the cert directory?
R
On 22/10/2025 16:48, Chandramouli P via sr-users wrote: Hello Ben,
Thank you for your reply. When I was installing Kamailio, I followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060https://urldefense.com/v3/__http://10.122.0.4:5060__;!!KWzduNI!euEhO3uHr8Zw-n7Ip3RazzOIVZmpq1ogWxyFUM7FIqdssrK4IXvHxArHWlug3MlF_N_ZQrqZqoP1-QH6F7v7drs$
tcp: 10.122.0.4:5060https://urldefense.com/v3/__http://10.122.0.4:5060__;!!KWzduNI!euEhO3uHr8Zw-n7Ip3RazzOIVZmpq1ogWxyFUM7FIqdssrK4IXvHxArHWlug3MlF_N_ZQrqZqoP1-QH6F7v7drs$
tls: 10.122.0.4:5061https://urldefense.com/v3/__http://10.122.0.4:5061__;!!KWzduNI!euEhO3uHr8Zw-n7Ip3RazzOIVZmpq1ogWxyFUM7FIqdssrK4IXvHxArHWlug3MlF_N_ZQrqZqoP1-QH6U6xd7H4$
Aliases:
tls: rtpengine:5061
tcp: rtpengine:5060
udp: rtpengine:5060
*: 10.122.0.4:*
Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> wrote: Are you using the user or group flags when starting Kamailio?
kamailio -u kamailio -g kamailio -m 64 -M 16
Kaufman Senior Voice Engineer
E: bkaufman@bcmone.commailto:bkaufman@bcmone.com 24/7 support: 888.543.2000
[img]
SIP.UShttps://urldefense.com/v3/__https://sip.us__;!!KWzduNI!euEhO3uHr8Zw-n7Ip3RazzOIVZmpq1ogWxyFUM7FIqdssrK4IXvHxArHWlug3MlF_N_ZQrqZqoP1-QH6pGSJ3aI$ Client Support: 800.566.9810
SIPTRUNKhttps://urldefense.com/v3/__https://siptrunk.com__;!!KWzduNI!euEhO3uHr8Zw-n7Ip3RazzOIVZmpq1ogWxyFUM7FIqdssrK4IXvHxArHWlug3MlF_N_ZQrqZqoP1-QH6iHLeDZs$ Client Support: 800.250.6510
Flowroutehttps://flowroute.com Client Support: 855.356.9768
________________________________ From: Chandramouli P via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Sent: Wednesday, October 22, 2025 9:49 AM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: Chandramouli P <moulicto@gmail.commailto:moulicto@gmail.com> Subject: [SR-Users] Re: Unable to start Kamailio with TLS configuration
CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I used to generate certificates, I had already given 700 permission to the "certs" directory.
1. mkdir -p /usr/local/etc/kamailio/certs 2. cd /usr/local/etc/kamailio/certs 3. chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed? Thank you in advance.
Best Regards, Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> wrote:
from the error it looks like a permissions problem probably the 700 on the directory
Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote: Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x Kamailio version: 6.0.2 IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After configuring Kamailio, I am unable to start Kamailio. Please find the steps that I used to generate certificates along with configuration at the below link:
https://pastebin.com/Veu8z9Prhttps://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$
Any help would be appreciated and thanks in advance.
Best Regards, Chandramouli.
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org To unsubscribe send an email to sr-users-leave@lists.kamailio.orgmailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
-
Ben Kaufman -
Chandramouli P -
Richard Robson