[SR-Users] Kamailio SIP TLS issue

[Daniel-Constantin Mierla]

Hello,

can you run with debug=3 in kamailio.cfg and see if you can spot
anything relevant at startup, when the tls module is initialized and
loads the certificates?

Cheers,
Daniel


On 25/10/16 03:29, Sergey Basov wrote:
> Hi All
>
> I have some strange behavior of kamailio with TLS.
>
> I have configured second IP addres on server, added it to tls
> listener, and tls.cfg file.
>
> But when I try to connect using
>
> openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state
> and
> openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
>
> I see same certificates (sip2 my config samples are bellow)
>
> if I make changes in port number (for ip 10.1.23.33 set port 5091 in
> both config parts) - I see correct certificates.
>
> Does anyone have this problem?
>
> Thanks in advance.
>
> ----- listen section ----
>
> listen=tls:10.1.23.23:5061
> listen=tls:10.1.23.33:5061
>
> ----- tls.cfg ------
>
> [server:default]
> method = TLSv1+
> verify_certificate = no
> require_certificate = no
> private_key = /etc/kamailio/keys/sip1.key
> certificate = /etc/kamailio/keys/sip1.crt
>
> [server:10.1.23.33:5061]
> method = TLSv1+
> verify_certificate = no
> require_certificate = no
> private_key = /etc/kamailio/keys/sip1.key
> certificate = /etc/kamailio/keys/sip1.crt
>
> [server:10.1.23.23:5061]
> method = TLSv1+
> verify_certificate = no
> require_certificate = no
> private_key = /etc/kamailio/keys/sip2.key
> certificate = /etc/kamailio/keys/sip2.crt
>
> --
> Best regards,
> Sergey Basov                     e-mail: sergey.v.basov at gmail.com
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com