[SR-Users] help with tls error :sslv3 alert bad certificate
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Sep 13 11:40:33 CEST 2010
On 13.09.2010 11:10, peter_green lion wrote:
> enable_tls=1
> tcp_async=no
>
> listen=tls:192.168.1.81:5060
The default for TLS is port 5061.
>
> modparam("tls", "tls_method", "TLSv1")
> modparam("tls", "tls_method", "SSLv23")
You cannot use TLS and SSL - only one or the other. SIP is
standardized with TLSv1. Thus you should remove SSLv23 unless you
explicitly know that the client cannot handle TLSv1 (then the client
would be buggy).
> modparam("tls", "certificate", "ser1_cert.pem")
> modparam("tls", "private_key", "privkey.pem")
> modparam("tls", "ca_list", "cacert.pem")
> modparam("tls", "verify_certificate", 1)
> modparam("tls", "require_certificate", 1)
Here is the problem: You have configured Kamailio to require a client
certificate. Usually the SIP client does not have a TLS client
certificate, thus Kamailio will terminate the TLS connection with
a handshake error. Set
modparam("tls", "require_certificate", 0)
and at least it should work with the "openssl s_client" tool.
regards
Klaus
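
A small lint for the three points raised in the reply above (TLS listener port, duplicate tls_method, require_certificate), as an added example that is not part of the original post or of Kamailio. The name `lint_tls` and the sample config are constructed here, and the parser assumes single-line `listen=tls:IPv4:port` and `modparam("tls", ...)` statements.

```python
import re

# Constructed sample: the settings quoted in the post above.
SAMPLE_CFG = '''\
enable_tls=1
listen=tls:192.168.1.81:5060
modparam("tls", "tls_method", "TLSv1")
modparam("tls", "tls_method", "SSLv23")
modparam("tls", "verify_certificate", 1)
modparam("tls", "require_certificate", 1)
'''

# modparam("tls", "<name>", <quoted or bare value>)
MODPARAM = re.compile(r'^\s*modparam\(\s*"tls"\s*,\s*"(\w+)"\s*,\s*"?([^")]*?)"?\s*\)')
# listen=tls:<host>:<port>  (IPv4/hostname form only; an assumption of this example)
LISTEN = re.compile(r'^\s*listen\s*=\s*tls:[^:\s]+:(\d+)')

def lint_tls(cfg_text):
    """Return sorted (line_no, key, message) findings for the issues in the reply."""
    findings = []
    methods = []  # (line_no, value) for every tls_method statement seen
    for no, line in enumerate(cfg_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment or preprocessor line
        m = LISTEN.match(line)
        if m and m.group(1) != "5061":
            findings.append((no, "listen",
                             f"TLS listener on port {m.group(1)}; the default TLS port is 5061"))
        m = MODPARAM.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "tls_method":
            methods.append((no, value))
        elif name == "require_certificate" and value == "1":
            findings.append((no, "require_certificate",
                             "client certificate required; clients without one fail the handshake"))
    if len(methods) > 1:
        seen = ", ".join(f"{v} (line {n})" for n, v in methods)
        findings.append((methods[-1][0], "tls_method",
                         f"tls_method set more than once: {seen}; keep only one"))
    return sorted(findings)

if __name__ == "__main__":
    for no, key, msg in lint_tls(SAMPLE_CFG):
        print(f"line {no}: [{key}] {msg}")
```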