[Users] Problem registering the UA with openSER(tls enabled)

Steffen Witt witt.steffen at googlemail.com
Thu Dec 28 23:56:53 CET 2006 

Hello Ncheeku,

change to the directory with your ".pem" files:  /usr/local/etc/openser/tls/user


Then you can test your TLS handshake with the following command:

openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061

Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.


Best regards,
Steffen



2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
> Thanks a lot Steffen. Adding the new listen = udp:10.30.100.41:5060 indeed
> worked. How can I check the TLS handshake using openssl at the server?
> Thanks a lot..
>
>
>
> On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
> > Hello again,
> >
> > maybe you should add the following line to test your non-TLS UAs:
> >
> > disable_tls = 0
> > listen = udp:10.30.100.41:5060   <---
> > listen = tls:10.30.100.41:5061
> >
> >
> > You can check your TLS handshake by simulating your server with openssl.
> >
> >
> > Please have a look at the following link that describes the TLS support:
> >
> > http://www.openser.org/docs/tls.html
> >
> >
> > Best regards,
> > Steffen
> >
> >
> >
> >
> > 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
> > > Hi,
> > >
> > > I am trying to make my non-TLS/TLS UA register with my TLS enabled
> openSER.
> > > Currently I am just working on my local machine with the client UAs on
> the
> > > same subnet,(so there is only one domain, but its not named). Below is
> my
> > > configuration file:
> > >
> > > disable_tls = 0
> > > listen = tls:10.30.100.41:5061
> > > tls_verify_server = 1
> > > tls_verify_client = 0
> > > tls_require_client_certificate = 0
> > > tls_method = TLSv1
> > > tls_certificate =
> "/usr/local/etc/openser/tls/user/user-
> > > cert.pem"
> > > tls_private_key =
> "/usr/local/etc/openser/tls/user/user-
> > > privkey.pem"
> > > tls_ca_list =
> > > "usr/local/etc/openser/tls/user/user-calist.pem"
> > >
> > > However, with the above configuration the client UAs couldnot register
> and I
> > > got 408 Request Time out Message. Is there any field that is missing to
> make
> > > this simple scenario work? What should be the values of
> "tls_client_domain"
> > > and "tls_server_domain" fields in this case?
> > >
> > > I noticed that when I start the openSER without TLS support using
> > > "openserctl start" and do "ps -e" after that, there are more openSER
> > > processes running than if I start openSER with TLS support in which case
> I
> > > see very few of these processes running.
> > >
> > > Your help is much appreciated....
> > >
> > > Best regards,
> > > NCheeku
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at openser.org
> > > http://openser.org/cgi-bin/mailman/listinfo/users
> > >
> > >
> > >
> >
>
>

More information about the sr-users mailing list