[SR-Users] Q: about CRL list (TLS)
Vladimer Gabunia
vgabunia at gh.ge
Mon Oct 26 15:44:03 CET 2015
this error i get back in Kamailio .log
TLS accept:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
I read on the forum that it can be linphone problem while chacking MS Crl.
________________________________
From: sr-users [sr-users-bounces at lists.sip-router.org] on behalf of Daniel-Constantin Mierla [miconda at gmail.com]
Sent: Monday, October 26, 2015 12:05 PM
To: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Q: about CRL list (TLS)
Hello,
On 25/10/15 13:10, Vladimer Gabunia wrote:
hello all.
we compiled kamailio with TLS Support. but have next problem when using CRL Lits.
Our Certificate issuing scheme is follow:
Offline Root CA -> Enterprise SubCA -> Server and Phone Certificate
CRL list is signed by SubCA.
option "require client certificate is enables (1) "
When we enable CRL list, phones are not registered.
CA file is offline RootCA certificate in pem format.
We think that the reason is that СRL was signed by Subca or incorrect CRL format.
CRL is converted from MS CRL to PEM. (What is the format for the CRL)
maybe someone have experiance with similar scenarios?
the readme file of the tls module has some documentation about crl:
http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.crl
You can also try to run with debug=3 in kmailio.cfg and see more debug messages about what happens internally.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat
________________________________
[gh.ge]
ვლადიმერ გაბუნია
IT სამსახურის უფროსი
ტელ: (+995) 32 2505222 +8183
მობ: (995) 577 095333
შპს "ჯეო ჰოსპიტალს"
სათავო ოფისი
თბილისი 0160, ვაჟა-ფშაველას გამზ. № 16;
http://www.gh.ge <http://gh.ge>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151026/5152678c/attachment.html>
More information about the sr-users
mailing list