users,您好!
Hi, You reply my question.But no answer my question. I build a openser with tls support,and client is minisip.I want to test the tls between server from client. I do my right cfg file on openser.I donn't know if you want to read it? please see the below: cfg file. debug=9 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 children=4 fifo="/tmp/openser_fifo" #fifo_db_url="mysql:mysql_url"
# # uncomment the following lines for TLS support disable_tls = 0 listen = tls:192.168.2.95:5061 tls_verify = 1 tls_require_certificate = 0 tls_method = SSLv23 tls_certificate = "/ca/demoCA/cacert.pem" tls_private_key = "/ca/demoCA/private/cakey.pem" tls_ca_list = "/ca/openser2/calist.pem"
down is by default.
I can start ser well,and I see the ser.log ,TLS is running,some ca files is loaded.now I start minisip phone to registar,but minisip phone's error messenge:"exception caught where creating tls server" I donn't konw why?
I donn't know if my detail is enough,If you are ok,please send me the steps help to test TLS cfg file or manual book for cookie.
I found the tls help file,
mkdir demoCA
This is the default CA name and it must be exactly as set in your openssl configuration /etc/ss/openssl.cnf :
how to set in openssl.cnf file? or if I didn't ,tls cann't be support?
致 礼!
Kenny Yeh 上海金叶通讯科技有限公司 TEL:8621-6421-6758 ext.311 kenny@artdio.com.tw 2006-01-04
First of all, repeating the e-mail several times won´t make people reluctant to answer...It's better to just send one and add all the appropriate info.
It looks like you have a problem in yor minisip configuration, not in openser. Take a look at the next link to check if your proxy configuration is OK. http://openser.org/docs/tls.html For the minisip configuration, wait for somebody else to answer because I don´t know how to solve it, maybe you can try minisip mailing list...
Sam.
2006/1/4, Kenny Yeh kenny@artdio.com.tw:
users,您好!
Hi,You reply my question.But no answer my question. I build a openser with tls support,and client is minisip.I want to test the tls between server from client. I do my right cfg file on openser.I donn't know if you want to read it? please see the below: cfg file. debug=9 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 children=4 fifo="/tmp/openser_fifo" #fifo_db_url="mysql:mysql_url"
# # uncomment the following lines for TLS support disable_tls = 0 listen = tls:192.168.2.95:5061 tls_verify = 1 tls_require_certificate = 0 tls_method = SSLv23 tls_certificate = "/ca/demoCA/cacert.pem" tls_private_key = "/ca/demoCA/private/cakey.pem" tls_ca_list = "/ca/openser2/calist.pem"
down is by default.
I can start ser well,and I see the ser.log ,TLS is running,some ca files is loaded.now I start minisip phone to registar,but minisip phone's error messenge:"exception caught where creating tls server" I donn't konw why? I donn't know if my detail is enough,If you are ok,please send me the steps help to test TLS cfg file or manual book for cookie. I found the tls help file,mkdir demoCA
This is the default CA name and it must be exactly as set in your openssl configuration /etc/ss/openssl.cnf :
how to set in openssl.cnf file? or if I didn't ,tls cann't be support?
致 礼!
Kenny Yeh 上海金叶通讯科技有限公司 TEL:8621-6421-6758 ext.311 kenny@artdio.com.tw 2006-01-04
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Kenny Yeh wrote:
users,您好!
Hi,You reply my question.But no answer my question. I build a openser with tls support,and client is minisip.I want to test the tls between server from client. I do my right cfg file on openser.I donn't know if you want to read it? please see the below: cfg file. debug=9 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 children=4 fifo="/tmp/openser_fifo" #fifo_db_url="mysql:mysql_url"
# # uncomment the following lines for TLS support disable_tls = 0 listen = tls:192.168.2.95:5061 tls_verify = 1 tls_require_certificate = 0 tls_method = SSLv23 tls_certificate = "/ca/demoCA/cacert.pem" tls_private_key = "/ca/demoCA/private/cakey.pem" tls_ca_list = "/ca/openser2/calist.pem"
Hi Kenny!
CA is the Caetificae Authority (the organization that signs the certificates).
tls_ca_list = "/ca/demoCA/cacert.pem"
The private key is YOUR private key, not the key of the CA! tls_private_key = "/ca/openser2/privkey.pem" The certificate is YOUR certificate, not the certificate of the CA! tls_certificate = "/ca/openser2/cert.pem"
further, I'm not sure if minisip supports SSL. Try: tls_method = TLSv1
regards Klaus
down is by default.
I can start ser well,and I see the ser.log ,TLS is running,some ca files is loaded.now I start minisip phone to registar,but minisip phone's error messenge:"exception caught where creating tls server" I donn't konw why? I donn't know if my detail is enough,If you are ok,please send me the steps help to test TLS cfg file or manual book for cookie. I found the tls help file,mkdir demoCA
This is the default CA name and it must be exactly as set in your openssl configuration /etc/ss/openssl.cnf :
how to set in openssl.cnf file? or if I didn't ,tls cann't be support?
致 礼!
Kenny Yeh 上海金叶通讯科技有限公司 TEL:8621-6421-6758 ext.311 kenny@artdio.com.tw 2006-01-04
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Kenny Yeh -
Klaus Darilion -
samuel