[Serusers] Issue with auth_identity
jerome.herve at orange-ftgroup.com
jerome.herve at orange-ftgroup.com
Fri Dec 12 11:05:38 CET 2008
hello everyone,
I still have an issue with auth_identity :
I have this error: AUTH_IDENTITY VERIFIER: common name of certificate doesn't match host name
The common name of my certificate is the name of my domain (used in Identity Info URL).
I believe I've done the correct thing...
Any idea guys ?
Cheers,
Jérôme HERVE
-----Message d'origine-----
De : Kovács Gergely [mailto:kg at testbike.hu]
Envoyé : jeudi 11 décembre 2008 22:23
À : zze-HERVE Jerome RD-CORE-LAN
Objet : Re: [Serusers] Issue with auth_identity
Hi Jerome,
I'm the one who developed auth_identity few years ago. I checked the source and it seems that your auth_identity was unable to decode the certificate that it had been successfully downloaded.
How did you generate the certificates? Auth_identity supports only openssl!
Of course I had it working :) You can find SER config snippets in the manual of the module: http://www.iptel.org/auth_identity_0
Shall I write you the openssl command line switches I used for generating certificates?
Cheers,
Gergo
> -------- Original Message --------
> Subject: Re: [Serusers] Issue with auth_identity
> Date: Wed, 10 Dec 2008 16:06:08 +0100
> From: <jerome.herve at orange-ftgroup.com>
> To: <victor.pascual.avila at gmail.com>
> CC: serusers at lists.iptel.org
>
> Hi,
> Yes I've tried again with other certificates.
> It happens before the vrfy_check_certificate...
> During the function vrfy_get_certificate.
> I really don't understand it.
> If I put a wrong certificate name, I have a 404 Not Found so I
believe
> it sees the certificate.
> But maybe it doesn't manage to download it.
> Did you manage to make this working?
>
>
> Jérôme HERVE
> FT/NSM/RD/CORE/M2V/SID
> tél. 02 96 05 27 41
> mob. 06 76 15 18 49
> jerome.herve at orange-ftgroup.com
>
>
> -----Message d'origine-----
> De : Victor Pascual Ávila [mailto:victor.pascual.avila at gmail.com]
> Envoyé : mercredi 10 décembre 2008 14:13 À : zze-HERVE Jerome
> RD-CORE-LAN Cc : serusers at lists.iptel.org Objet : Re: [Serusers] Issue
> with auth_identity
>
> Hi Jerome,
> I'm not sure about this but have you tried using other certificates?
>
> Cheers,
> -Victor
>
> On Wed, Dec 10, 2008 at 11:30 AM, <jerome.herve at orange-ftgroup.com>
wrote:
>> Hello,
>>
>> I am trying to put in place auth_identity between 2 SER proxies and
it
>> doesn't work well.
>> The first one manages to add identity and identity_info fields and
to
>> send the INVITE to the other proxy.
>> But when the other proxy receive the message and does his tests
there
>> is an issue.
>> It sends back a 436 Bad Identity Info. The error happens during the
>> "vrfy_get_certificate" function (function which downloads the
>> certificate thanks to identity_info URL).
>>
>> On my proxy logs, I can see this : AUTH_IDENTITY:retrieve_x509: DER
>> Certificate error:0D0680A8:asn1 encoding
>> routines:ASN1_CHECK_TLEN:wrong tag
>>
>> I really don't know what to do, do you have any idea?
>> Thanks,
>> Regards,
>>
>> Jérôme HERVE
>>
>> _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>
>
>
> --
> Victor Pascual Ávila
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list