[SR-Users] Kamailio TLS with intermediate CA certificates

Daniel Pocock daniel at pocock.com.au
Sun Jan 29 13:11:16 CET 2012



I found that my TLS client was not happy because my server cert is
signed by an intermediate root.

A quick search in Google found other people mentioning the same problem,
but no solution or documentation.

I've had a quick look in the Kamailio source and I notice it is using
the call:

	SSL_CTX_use_certificate_chain_file

to load the certificate specified in tls.cfg with

certificate=myserver.pem

In practice, this means the intermediate certificates can be appended to
myserver.pem and Kamailio will present them to the TLS client:

Example:

Trust hierarchy:

trusted root
  - inter 1
       - inter 2
             - server.example.com.pem

Construct the PEM file in this exact order:

cat server.example.com.pem > chain-server.example.com.pem
cat inter2.pem >> chain-server.example.com.pem
cat inter1.pem >> chain-server.example.com.pem

and then, in tls.cfg:

certificate=chain-server.example.com.pem




