[Users] OpenSER TLS with Windows Messenger

Cesc cesc.santa at gmail.com
Mon Jan 16 11:15:20 CET 2006


Hi,

I have no idea what win messgr expects as a server certificate, but
the error messages indicates that wmsgr is not accepting as valid the
certificate your openser is providing.
Probably wmsgr expects a "valid" cert, that is, one signed by some of
the trusted roots.
You should try to add the root certificate of your openser (not the
server cert, the root cert that you used to sign the server's) as a
trusted certificate into windows ... i think you can do that through
the control panel or internet explorer ... Never tried all this, so it
may not work ...

Regards,

Cesc



On 1/16/06, Cagri Koksal <koksal.cagri at gmail.com> wrote:
> Hi all,
> I'm trying to test openset TLS feature with windows messenger.
>
> I setup openser on Debian Linux and modified the openser.cfg and openssl.cnf
> as required by the TLS faq and docs at openser.org.
>
> When I try to sign in using windows messenger I got the following message
> from OpenSer: "tls-accept: Error in SSL:" At the same time windows messenger
> gives the following error messenger; "There was a problem verifying the
> certificate from the server ....."
>
> Here is an excerpt from my openser.cfg -
>
> disable_tls = 0
> listen = tls:192.168.0.128:5061
> tls_verify = 0
> tls_require_certificate = 0
> tls_method = TLSv1 ( I also tried SSLv23 )
> tls_certificate =
> "/usr/local/etc/openser/tls/sipsrv_rootCA/sipsrv01/cert.pem"
>
> tls_private_key =
> "/usr/local/etc/openser/tls/sipsrv_rootCA/sipsrv01/privkey.pem"
>
> tls_ca_list =
> "/usr/local/etc/openser/tls/sipsrv_rootCA/sipsrv01/calist.pem"
>
> and an excerpt from my openssl.cnf
>
> dir = "/usr/local/etc/openser/tls/sipsrv_rootCA/demoCA"
> certs = $dir/certs
> crl_dir = $dir/crl
> database = $dir/index.txt
> new_certs_dir = $dir/newcerts
> certificate = $dir/cacert.pem
> serial = $dir/serial
> crl = $dir/crl.pem
>
> I also used the existing certificates that come with openser-tls package. It
> resulted the same.
>
> Any suggestion or guidance is appreciated, thanks.
>
> -Cagri Koksal
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
>




More information about the sr-users mailing list