[SR-Users] TLS with self-singned certificates
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Jan 7 16:30:12 CET 2013
It depends on what you want to configure.
If the softswitch shall be authenticated by TLS then of course you have
to set "require_certificate=yes".
Further, find out why the handshake fails. Use tcpdump/wireshark to find
out who sends the SSL alert. It seems the softswitch sends the alert:
thus make sure that the softswitch is configured with the correct
certificate and also provide the softswitch with the CA certificate (or
the self-signed certificate) of Kamailio's certificate.
See also:
http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:tls
http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging
regards
Klaus
On 04.01.2013 18:30, Iurii Andamasov wrote:
> other side is softswitch, not an softphone,
> other side also use selfsigned certificate
> should i set
> require_certificate = no
> ?
> On 04.01.2013, at 14:49, Daniel-Constantin Mierla <miconda at gmail.com
> <mailto:miconda at gmail.com>> wrote:
>
>> Hello,
>>
>> is the sip phone presenting a certificate? You require that in the
>> server part of tls.cfg.
>>
>> Cheers,
>> Daniel
>>
>> On 1/4/13 10:44 AM, Iurii Andamasov wrote:
>>> Hello,
>>> trying setup kamailio with TLS, have 2 peers,
>>> tls.cfg:
>>> http://pastebin.com/DvdDzx0v
>>> i'm getting
>>> Jan 4 10:38:43 fs-tls /usr/sbin/kamailio[3798]: ERROR: tls
>>> [tls_server.c:1190]: TLS read:error:14094410:SSL
>>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>>> Can someone point me to solution?
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>> --
>> Daniel-Constantin Mierla -http://www.asipto.com
>> http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
More information about the sr-users
mailing list