[SR-Users] help with tls error :sslv3 alert bad certificate
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Sep 9 11:13:19 CEST 2010
Am 09.09.2010 10:17, schrieb peter_green lion:
> hi all,
> i have configure tls support as this link:
> http://www.kamailio.org/docs/tls-devel.html#id2451496
> and i add certificate to 3CX sip phone is "cacert.pem" but when i
> register sip phone, the log file in kamailio server is :
>
> Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls
> [tls_server.c:392]: SSL error:error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate
I think the means that the SIP phone sends the ALERT because the it does
not accept the certificate of the server. So you have to debug why the
SIP phone does not accept the certificate.
You really should test with another SIP client first.
regards
Klaus
>
> my configure in kamailio.cfg as :
>
> modparam("tls", "tls_method", "TLSv1")
> modparam("tls", "tls_method", "SSLv23")
> modparam("tls", "certificate",
> "/usr/local/etc/kamailio//tls/user/user-cert.pem")
> modparam("tls", "private_key",
> "/usr/local/etc/kamailio//tls/user/user-privkey.pem")
> modparam("tls", "ca_list",
> "/usr/local/etc/kamailio//tls/user/user-calist.pem")
> modparam("tls", "verify_certificate",0 )
> modparam("tls", "require_certificate",0 )
>
>
> please suggest to fix this error.
> thanks and regards.
> Peter Green.
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
More information about the sr-users
mailing list