[SR-Users] Q: about CRL list (TLS)
Daniel-Constantin Mierla
miconda at gmail.com
Mon Oct 26 09:05:14 CET 2015
Hello,
On 25/10/15 13:10, Vladimer Gabunia wrote:
> hello all.
> we compiled kamailio with TLS Support. but have next problem when
> using CRL Lits.
> Our Certificate issuing scheme is follow:
> Offline Root CA -> Enterprise SubCA -> Server and Phone Certificate
> CRL list is signed by SubCA.
> option "require client certificate is enables (1) "
> When we enable CRL list, phones are not registered.
> CA file is offline RootCA certificate in pem format.
> We think that the reason is that СRL was signed by Subca or incorrect
> CRL format.
> CRL is converted from MS CRL to PEM. (What is the format for the CRL)
> maybe someone have experiance with similar scenarios?
the readme file of the tls module has some documentation about crl:
http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.crl
You can also try to run with debug=3 in kmailio.cfg and see more debug
messages about what happens internally.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151026/5e3c63f6/attachment.html>
More information about the sr-users
mailing list