[SR-Users] please help to register sip phone to kamailio server via tls support.

peter_green lion betergreen at live.com
Mon Sep 6 11:19:02 CEST 2010 


> Date: Mon, 6 Sep 2010 10:26:38 +0200
> From: klaus.mailinglists at pernau.at
> To: betergreen at live.com
> CC: sr-users at lists.sip-router.org
> Subject: Re: [SR-Users] please help to register sip phone to kamailio server via tls support.
> 
> > log in :tail -f /var/log/message:
> >
> > Sep 4 05:18:50 appliance /usr/local/sbin/kamailio[3117]: ERROR: tls
> > [tls_server.c:392]: SSL error:error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> >
> > in portgo : certificate validation failure.
> 
> It is rather clear - your SIP client does not accept the proxy's 
> certificate and thus terminates the TLS handshake with an "unknown ca" 
> error.
> 
> You have to configure your SIP client to accept the CA which has signed 
> the proxy's certificate.
> 
> regards
> klaus

Dear Klaus,

i have the same problem when add user-privkey.pem in SIP client, I use 3CX  soft phone.

when i run command : kamctl tls userCERT user

openssl creates three file.

INFO: Private key is locate at /usr/local/etc/kamailio//tls/user/user-privkey.pem
INFO: Certificate is locate at /usr/local/etc/kamailio//tls/user/user-cert.pem
INFO: CA-List is locate at /usr/local/etc/kamailio//tls/user/user-calist.pem

i copy user-privkey.pem to PC which have SIP client. after that i change the name to root_cert_3CXphone.pem to add to 3CX soft phone.
but problem is the same.

Sep  6 08:59:33 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4437]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4438]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4440]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  6 08:59:34 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca


please tell me, if you know 
thanks so much.
Peter Green

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20100906/4b1e564c/attachment-0001.htm>

More information about the sr-users mailing list