[SR-Users] TLS with self-singned certificates

Iurii Andamasov andamasov at gmail.com
Mon Jan 7 16:43:58 CET 2013 

Hello,

Thanks for  links

It's works now.

On 07.01.2013, at 16:30, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:

> It depends on what you want to configure.
> 
> If the softswitch shall be authenticated by TLS then of course you have to set "require_certificate=yes".
> 
> Further, find out why the handshake fails. Use tcpdump/wireshark to find out who sends the SSL alert. It seems the softswitch sends the alert: thus make sure that the softswitch is configured with the correct certificate and also provide the softswitch with the CA certificate (or the self-signed certificate) of Kamailio's certificate.
> 
> See also:
> http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:tls
> http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging
> 
> regards
> Klaus
> 
> On 04.01.2013 18:30, Iurii Andamasov wrote:
>> other side is softswitch, not an softphone,
>> other side also use selfsigned certificate
>> should i set
>> require_certificate = no
>> ?
>> On 04.01.2013, at 14:49, Daniel-Constantin Mierla <miconda at gmail.com
>> <mailto:miconda at gmail.com>> wrote:
>> 
>>> Hello,
>>> 
>>> is the sip phone presenting a certificate? You require that in the
>>> server part of tls.cfg.
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 1/4/13 10:44 AM, Iurii Andamasov wrote:
>>>> Hello,
>>>> trying setup kamailio with TLS, have 2 peers,
>>>> tls.cfg:
>>>> http://pastebin.com/DvdDzx0v
>>>> i'm getting
>>>> Jan  4 10:38:43 fs-tls /usr/sbin/kamailio[3798]: ERROR: tls
>>>> [tls_server.c:1190]: TLS read:error:14094410:SSL
>>>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>>>> Can someone point me to solution?
>>>> Thanks
>>>> 
>>>> 
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>> 
>>> --
>>> Daniel-Constantin Mierla -http://www.asipto.com
>>> http://twitter.com/#!/miconda  -http://www.linkedin.com/in/miconda
>> 
>> 
>> 
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>

More information about the sr-users mailing list