[SR-Users] Q: about CRL list (TLS)

Vladimer Gabunia vgabunia at gh.ge
Mon Oct 26 15:44:03 CET 2015

this error i get back in Kamailio .log

 TLS accept:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

I read on the forum that it can be linphone problem while chacking MS Crl.
From: sr-users [sr-users-bounces at lists.sip-router.org] on behalf of Daniel-Constantin Mierla [miconda at gmail.com]
Sent: Monday, October 26, 2015 12:05 PM
To: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Q: about CRL list (TLS)


On 25/10/15 13:10, Vladimer Gabunia wrote:
hello all.
we compiled  kamailio with TLS Support.  but have next problem when using CRL Lits.
Our Certificate issuing scheme is follow:
Offline Root CA -> Enterprise SubCA -> Server and Phone Certificate
CRL list is signed by SubCA.
option  "require client certificate is enables (1) "
When we enable CRL list, phones are not registered.
CA file is offline RootCA   certificate in pem format.
We think that the reason is that СRL was signed by Subca or incorrect CRL format.
CRL is converted from MS CRL to PEM. (What is the format for the CRL)
maybe someone have experiance with similar scenarios?
the readme file of the tls module has some documentation about crl:


You can also try to run with debug=3 in kmailio.cfg and see more debug messages about what happens internally.


Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat

ვლადიმერ გაბუნია
IT სამსახურის უფროსი
ტელ: (+995) 32 2505222 +8183
მობ: (995) 577 095333
შპს "ჯეო ჰოსპიტალს"
სათავო ოფისი
თბილისი 0160, ვაჟა-ფშაველას გამზ. № 16;
http://www.gh.ge <http://gh.ge>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151026/5152678c/attachment.html>

More information about the sr-users mailing list