[Users] Problem registering the UA with openSER(tls enabled)
Ncheeku Baranov
opensersubscribe at gmail.com
Fri Dec 29 15:21:24 CET 2006
Thanks Steffen. Is there any freely available TLS client which can be used
to check these settings and the handshake? That will be really helpful.
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
>
> Hello Ncheeku,
>
> change to the directory with your ".pem"
> files: /usr/local/etc/openser/tls/user
>
>
> Then you can test your TLS handshake with the following command:
>
> openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061
>
> Openssl simulates a TLS server with your certificate/private key files
> and it accepts only requests at port 5061.
>
>
> Best regards,
> Steffen
>
>
>
> 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
> > Thanks a lot Steffen. Adding the new listen = udp:10.30.100.41:5060 indeed
> > worked. How can I check the TLS handshake using openssl at the server?
> > Thanks a lot..
> >
> >
> >
> > On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
> > > Hello again,
> > >
> > > maybe you should add the following line to test your non-TLS UAs:
> > >
> > > disable_tls = 0
> > > listen = udp:10.30.100.41:5060 <---
> > > listen = tls:10.30.100.41:5061
> > >
> > >
> > > You can check your TLS handshake by simulating your server with openssl.
> > >
> > >
> > > Please have a look at the following link that describes the TLS support:
> > >
> > > http://www.openser.org/docs/tls.html
> > >
> > >
> > > Best regards,
> > > Steffen
> > >
> > >
> > >
> > >
> > > 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
> > > > Hi,
> > > >
> > > > I am trying to make my non-TLS/TLS UA register with my TLS enabled
> > > > openSER. Currently I am just working on my local machine with the
> > > > client UAs on the same subnet (so there is only one domain, but it's
> > > > not named). Below is my configuration file:
> > > >
> > > > disable_tls = 0
> > > > listen = tls:10.30.100.41:5061
> > > > tls_verify_server = 1
> > > > tls_verify_client = 0
> > > > tls_require_client_certificate = 0
> > > > tls_method = TLSv1
> > > > tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
> > > > tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
> > > > tls_ca_list = "usr/local/etc/openser/tls/user/user-calist.pem"
> > > >
> > > > However, with the above configuration the client UAs could not
> > > > register and I got 408 Request Time out Message. Is there any field
> > > > that is missing to make this simple scenario work? What should be the
> > > > values of "tls_client_domain" and "tls_server_domain" fields in this
> > > > case?
> > > >
> > > > I noticed that when I start the openSER without TLS support using
> > > > "openserctl start" and do "ps -e" after that, there are more openSER
> > > > processes running than if I start openSER with TLS support in which
> > > > case I see very few of these processes running.
> > > >
> > > > Your help is much appreciated....
> > > >
> > > > Best regards,
> > > > NCheeku
> > > >
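
A loopback version of the handshake check discussed in this thread, using `openssl s_client` as the TLS client against the `openssl s_server` command quoted above. This is an added example, not part of the original messages; the throwaway self-signed certificate, the temporary directory, the function name and the `-www` flag are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: check a TLS handshake end to end with openssl only.
# The certificate/key generated here are constructed stand-ins for
# user-cert.pem / user-privkey.pem; nothing below touches a real openSER setup.

tls_handshake_check() {
    port="${1:-5061}"
    dir="$(mktemp -d)" || return 2

    # Throwaway self-signed pair, valid for one day.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/user-privkey.pem" -out "$dir/user-cert.pem" \
        >/dev/null 2>&1 || { rm -rf "$dir"; return 2; }

    # Server side: the s_server command from the thread.
    # -www is added (assumption) so the server does not need an interactive terminal.
    openssl s_server -cert "$dir/user-cert.pem" -key "$dir/user-privkey.pem" \
        -state -accept "$port" -www >"$dir/server.log" 2>&1 &
    srv=$!
    sleep 1   # give the listener time to bind

    # Client side: s_client performs the handshake and verifies the server
    # certificate against a CA file (the self-signed cert plays that role here,
    # as tls_ca_list would in the openSER configuration).
    out="$(openssl s_client -connect "127.0.0.1:$port" \
        -CAfile "$dir/user-cert.pem" </dev/null 2>&1)"

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"

    # Summary lines a reader would inspect: negotiated protocol/cipher and
    # the certificate verification result.
    printf '%s\n' "$out" | grep -E 'Cipher is|Verify return code' || true

    # Succeed only if the handshake completed and the certificate verified.
    printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'
}

# Usage: tls_handshake_check 5061
```

Against a running server, the `s_client` line alone is the check: point `-connect` at the TLS listener and `-CAfile` at the CA list, and a non-zero verify return code indicates a problem with the certificate chain rather than with the handshake itself.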