[SR-Users] help with tls error :sslv3 alert bad certificate
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Sep 9 16:17:18 CEST 2010
Am 09.09.2010 12:00, schrieb peter_green lion:
>
> > Date: Thu, 9 Sep 2010 11:13:19 +0200
> > From: klaus.mailinglists at pernau.at
> > To: betergreen at live.com
> > CC: sr-users at lists.sip-router.org
> > Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
> >
> >
> >
> > Am 09.09.2010 10:17, schrieb peter_green lion:
> > > hi all,
> > > i have configure tls support as this link:
> > > http://www.kamailio.org/docs/tls-devel.html#id2451496
> > > and i add certificate to 3CX sip phone is "cacert.pem" but when i
> > > register sip phone, the log file in kamailio server is :
> > >
> > > Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls
> > > [tls_server.c:392]: SSL error:error:14094412:SSL
> > > routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> >
> > I think the means that the SIP phone sends the ALERT because the it does
> > not accept the certificate of the server. So you h ave to debug why the
> > SIP phone does not accept the certificate.
> >
> > You really should test with another SIP client first.
> >
> > regards
> > Klaus
> >
> > >
> > > my configure in kamailio.cfg as :
> > >
> > > modparam("tls", "tls_method", "TLSv1")
> > > modparam("tls", "tls_method", "SSLv23")
> > > modparam("tls", "certificate",
> > > "/usr/local/etc/kamailio//tls/user/user-cert.pem")
> > > modparam("tls", "private_key",
> > > "/usr/local/etc/kamailio//tls/user/user-privkey.pem")
> > > modparam("tls", "ca_list",
> > > "/usr/local/etc/kamailio//tls/user/user-calist.pem")
> > > modparam("tls", "verify_certificate",0 )
> > > modparam("tls", "require_certificate",0 )
> > >
> > >
> > > please suggest to fix this error.
> > > thanks and regards.
> > > Peter Green.
> > >
> > >
> > >
> > > _ ______________________________________________
> > > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> > > sr-users at lists.sip-router.org
> > > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> hi Klaus,
> i add certificate to internet explorer, but it fail:
> when i view this certificate i see that error:
>
> "this certificate has expired or is not yet valid"
>
> is mean this certificate is wrong ?
Yes. It is either expired or not yet valid!
>
> so how do i make it correct ?
Hope this ends this endless conversation
http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
regards
klaus
More information about the sr-users
mailing list