[SR-Users] Problem with TLS config

Corey Edwards tensai at zmonkey.org
Wed Mar 19 04:51:58 CET 2014 

On Tue, Mar 18, 2014 at 3:12 PM, Rene Montilva <renemontilva at gmail.com>wrote:

> [server:192.168.1.1:5061]
> method = SSLv23
> verify_certificate = no
> require_certificate = no
> private_key = /etc/kamailio/key.pem
> certificate = /etc/kamailio/cert.pem
>
> [client:default]
> verify_certificate = no
> require_certificate = no
>
>
> But when a reload kamailio
>
> i get the follow error:
>
> Mar 18 16:36:50 softswitch /usr/sbin/kamailio[23330]: ERROR: tls
> [tls_domain.c:906]: load_private_key(): TLSs<default>: Unable to load
> private key file '/etc/kamailio/cert.pem'
>
>
> Why try to find '/etc/kamailio/cert.pem' for a private key??
>

I'm not an expert, but I tested it out and from what I can tell you need a
[server:default] section before you can have an IP-specific section. So you
can either put your options into default, or at least define a default
before creating [server:192.168.1.1:5061].

Also as a side note, I would recommend you support TLSv1. SSLv2 has some
significant security issues and should be avoided.

Corey




On Tue, Mar 18, 2014 at 3:12 PM, Rene Montilva <renemontilva at gmail.com>wrote:

> Hi List
>
> i'm trying config sip with tls module, my config for module in
> kamailio.cfg is this:
>
>
> #!ifdef WITH_TLS
> # ----- tls params -----
> modparam("tls", "config", "/etc/kamailio/tls.cfg")
> #!endif
>
>
> in tls.cfg is this:
>
> [server:192.168.1.1:5061]
> method = SSLv23
> verify_certificate = no
> require_certificate = no
> private_key = /etc/kamailio/key.pem
> certificate = /etc/kamailio/cert.pem
>
> [client:default]
> verify_certificate = no
> require_certificate = no
>
>
> But when a reload kamailio
>
> i get the follow error:
>
> Mar 18 16:36:50 softswitch /usr/sbin/kamailio[23330]: ERROR: tls
> [tls_domain.c:906]: load_private_key(): TLSs<default>: Unable to load
> private key file '/etc/kamailio/cert.pem'
>
>
> Why try to find '/etc/kamailio/cert.pem' for a private key??
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140318/b29d3d80/attachment.html>

More information about the sr-users mailing list