[SR-Users] help with tls error :sslv3 alert bad certificate
peter_green lion
betergreen at live.com
Thu Sep 9 12:00:13 CEST 2010
> Date: Thu, 9 Sep 2010 11:13:19 +0200
> From: klaus.mailinglists at pernau.at
> To: betergreen at live.com
> CC: sr-users at lists.sip-router.org
> Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
>
>
>
> Am 09.09.2010 10:17, schrieb peter_green lion:
> > hi all,
> > i have configure tls support as this link:
> > http://www.kamailio.org/docs/tls-devel.html#id2451496
> > and i add certificate to 3CX sip phone is "cacert.pem" but when i
> > register sip phone, the log file in kamailio server is :
> >
> > Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls
> > [tls_server.c:392]: SSL error:error:14094412:SSL
> > routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> I think the means that the SIP phone sends the ALERT because the it does
> not accept the certificate of the server. So you have to debug why the
> SIP phone does not accept the certificate.
>
> You really should test with another SIP client first.
>
> regards
> Klaus
>
> >
> > my configure in kamailio.cfg as :
> >
> > modparam("tls", "tls_method", "TLSv1")
> > modparam("tls", "tls_method", "SSLv23")
> > modparam("tls", "certificate",
> > "/usr/local/etc/kamailio//tls/user/user-cert.pem")
> > modparam("tls", "private_key",
> > "/usr/local/etc/kamailio//tls/user/user-privkey.pem")
> > modparam("tls", "ca_list",
> > "/usr/local/etc/kamailio//tls/user/user-calist.pem")
> > modparam("tls", "verify_certificate",0 )
> > modparam("tls", "require_certificate",0 )
> >
> >
> > please suggest to fix this error.
> > thanks and regards.
> > Peter Green.
> >
> >
> >
> > _______________________________________________
> > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> > sr-users at lists.sip-router.org
> > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
hi Klaus,
i add certificate to internet explorer, but it fail:
when i view this certificate i see that error:
"this certificate has expired or is not yet valid"
is mean this certificate is wrong ?
so how do i make it correct ?
thanks and regards,
Peter Green.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20100909/03e530b3/attachment.htm>
More information about the sr-users
mailing list