[Users] help for openser with tls test

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jan 4 10:55:20 CET 2006 

Kenny Yeh wrote:
> users,您好!
> 
> 	    Hi,
>    You reply my question.But no answer my question.
> I build a openser with tls support,and client is minisip.I want to test the tls between server from client.
>    I do my right cfg file on openser.I donn't know if you want to read it? please see the below:
>    cfg file.
> debug=9            # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no    # (cmd line: -E)
> 
> check_via=no    # (cmd. line: -v)
> dns=no          # (cmd. line: -r)
> rev_dns=no      # (cmd. line: -R)
> #port=5060
> children=4
> fifo="/tmp/openser_fifo"
> #fifo_db_url="mysql:mysql_url"
> 
> #
> # uncomment the following lines for TLS support
> disable_tls = 0
> listen = tls:192.168.2.95:5061
> tls_verify = 1
> tls_require_certificate = 0
> tls_method = SSLv23
> tls_certificate = "/ca/demoCA/cacert.pem"
> tls_private_key = "/ca/demoCA/private/cakey.pem"
> tls_ca_list = "/ca/openser2/calist.pem"

Hi Kenny!

CA is the Caetificae Authority (the organization that signs the
certificates).

tls_ca_list = "/ca/demoCA/cacert.pem"

The private key is YOUR private key, not the key of the CA!
tls_private_key = "/ca/openser2/privkey.pem"
The certificate is YOUR certificate, not the certificate of the CA!
tls_certificate = "/ca/openser2/cert.pem"

further, I'm not sure if minisip supports SSL. Try:
tls_method = TLSv1

regards
Klaus
> down is by default.
>    
>       I can start ser well,and I see the ser.log ,TLS is running,some ca files is loaded.now I start minisip phone to registar,but minisip phone's error messenge:"exception caught where creating tls server" I donn't konw why?
> 
>       I donn't know if my detail is enough,If you are ok,please send me the steps help to test TLS cfg file or manual book for cookie.
> 
>       I found the tls help file,
> 
> mkdir demoCA
> 
> This is the default CA name and it must be exactly as set in your openssl configuration /etc/ss/openssl.cnf : 
> 
> how to set in openssl.cnf file? or if I didn't ,tls cann't be support?
> 
> 
>         致
> 礼!
>  				
> 
>         Kenny Yeh
>                上海金叶通讯科技有限公司
>                TEL:8621-6421-6758 ext.311
>         kenny at artdio.com.tw
>           2006-01-04
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users

More information about the sr-users mailing list