[SR-Users] "Create Certificates to be used with Kamailio" changes
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Oct 1 09:00:22 CEST 2010
Am 30.09.2010 21:20, schrieb Juha Heinanen:
> Juha Heinanen writes:
>
>> i tried with command
>>
>> ssldump -i any -k /etc/sip-proxy/certs/sip-proxy/key.pem tcp and port 5061
>>
>> where /etc/sip-proxy/certs/sip-proxy/key.pem is the same file as
>> specified as tls module private key:
>>
>> modparam("tls", "private_key", "/etc/sip-proxy/certs/sip-proxy/key.pem")
>>
>> nothing comes to console. i must have misunderstood the command. i
>> also tried with -i eth0, but it didn't help.
>
> i was able to figure out how do to it using wireshark. one needs to go
> to Preferences/Protocols/SSL and there add to RSA keys list:
>
> <ip-of-sip-proxy>,5061,sip,/etc/certs/sip.mydomain.com/key.pem
>
> then in Options specify 'port 5061'. after that, new ssl connections
> will be shown in clear.
>
> i don't know why ssldump didn't work with the same key.pem file.
Just a note: this only works when non-DH ciphers are used. I added a
wiki page:
http://www.kamailio.org/dokuwiki/doku.php/tls:tls-decoding
regards
Klaus
More information about the sr-users
mailing list