[SR-Users] Kamailio TLS configuration

Alexandru Covalschi 568691 at gmail.com
Fri Aug 28 19:01:55 CEST 2015


Hello!

I'm having problems configuring Kamailio with TLS. Or maybe it's my
misunderstanding of how it should work.
So, the issue: inbound TLS works just great, I can call everyone in my
domain. I have a PositiveSSL certificate, so I have these files:
calist.crt - AddTrustExternalCARoot.crt + COMODORSAAddTrustCA.crt +
COMODORSADomainValidationSecureServerCA.crt, separated by \n
server.key - key
server.crt - cert
The configuration of tls.cfg:

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/ssl/sectel.io.ssl/sip/server.key
certificate = /etc/ssl/sectel.io.ssl/sip/server.crt
ca_list = /etc/ssl/sectel.io.ssl/sip/calist.crt
#crl = /etc/kamailio/crl.pem
(however with or without ca_list nothing changes)

[client:default]
verify_certificate = yes
require_certificate = yes


And with that configuration, when I try to call ostel.co (a public SIP
service supporting TLS) from my server, I get this error:
ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Putting that in tls.cfg:
[client:default]
verify_certificate = no
require_certificate = no

makes everything work.
Cross-domain calling is essential and I'm just trying to figure out -
what's the problem? Is it my certificate, is it the ostel.co certificate, or
is it just the way it should be?

Thanks!

-- 
Alexandru Covalschi
ABRISS-Solutions
VoIP engineer and system administrator
phone: +37367398493
web: http://abs-telecom.com/
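
Added example, not part of the original message: the error names SSL3_GET_SERVER_CERTIFICATE, which is Kamailio acting as the TLS client and rejecting the remote server's certificate, so the [client:default] profile is the one that matters. The fragment below assumes the failure comes from that profile having no ca_list to validate the remote chain against; the CA bundle path is an assumption (Debian/Ubuntu location).

```ini
# tls.cfg, outbound (client) profile.
# Added example; not from the original post.

# As posted: verification is enabled but the profile names no trust
# anchors, so the chain sent by a remote server has nothing to be
# validated against and the handshake ends in "certificate verify failed".
# The ca_list under [server:default] is not consulted for outbound
# connections, which matches "with or without ca_list nothing changes".
#
#[client:default]
#verify_certificate = yes
#require_certificate = yes

# Corrected: keep verification on and give the client profile a CA list
# holding the roots that remote SIP servers chain to.
[client:default]
verify_certificate = yes
require_certificate = yes
# Assumption: system CA bundle path on Debian/Ubuntu. Use the equivalent
# bundle for your distribution, or a PEM file containing only the CAs of
# the peers you intend to trust.
ca_list = /etc/ssl/certs/ca-certificates.crt
# Certificate and key presented if the remote side asks for a client
# certificate (same files as in the posted [server:default]).
private_key = /etc/ssl/sectel.io.ssl/sip/server.key
certificate = /etc/ssl/sectel.io.ssl/sip/server.crt
```

If verification still fails with a CA list in place, the remaining candidates are on the remote side (an incomplete chain, an expired certificate, or a root not in the bundle), which is a reason to fix the trust store rather than set verify_certificate = no.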