[SR-Users] Kamailio SIP TLS issue

Sergey Basov sergey.v.basov at gmail.com
Tue Oct 25 14:41:51 CEST 2016 

Sorry, Daniel
Seems it my mistake in configuration.

All works as expected.

25 окт. 2016 г. 9:51 AM пользователь "Sergey Basov" <
sergey.v.basov at gmail.com> написал:

> Hi Daniel,
>
> In attachment part of the log with debug=3 after kamailio starts and
> when it is accepting connection to 10.1.23.23 and 10.1.23.33 port 5061
>
> If you need more info I will try to provide it
>
> kamailio v 4.4.3 on rhel 7 x86_64
>
> Thank you.
> --
> Best regards,
> Sergey Basov                     e-mail: sergey.v.basov at gmail.com
>
>
>
> 2016-10-25 9:29 GMT+03:00 Daniel-Constantin Mierla <miconda at gmail.com>:
> > Hello,
> >
> > can you run with debug=3 in kamailio.cfg and see if you can spot
> > anything relevant at startup, when the tls module is initialized and
> > loads the certificates?
> >
> > Cheers,
> > Daniel
> >
> >
> > On 25/10/16 03:29, Sergey Basov wrote:
> >> Hi All
> >>
> >> I have some strange behavior of kamailio with TLS.
> >>
> >> I have configured second IP addres on server, added it to tls
> >> listener, and tls.cfg file.
> >>
> >> But when I try to connect using
> >>
> >> openssl s_client -showcerts -connect 10.1.23.33:5061 -tls1 -state
> >> and
> >> openssl s_client -showcerts -connect 10.1.23.23:5061 -tls1 -state
> >>
> >> I see same certificates (sip2 my config samples are bellow)
> >>
> >> if I make changes in port number (for ip 10.1.23.33 set port 5091 in
> >> both config parts) - I see correct certificates.
> >>
> >> Does anyone have this problem?
> >>
> >> Thanks in advance.
> >>
> >> ----- listen section ----
> >>
> >> listen=tls:10.1.23.23:5061
> >> listen=tls:10.1.23.33:5061
> >>
> >> ----- tls.cfg ------
> >>
> >> [server:default]
> >> method = TLSv1+
> >> verify_certificate = no
> >> require_certificate = no
> >> private_key = /etc/kamailio/keys/sip1.key
> >> certificate = /etc/kamailio/keys/sip1.crt
> >>
> >> [server:10.1.23.33:5061]
> >> method = TLSv1+
> >> verify_certificate = no
> >> require_certificate = no
> >> private_key = /etc/kamailio/keys/sip1.key
> >> certificate = /etc/kamailio/keys/sip1.crt
> >>
> >> [server:10.1.23.23:5061]
> >> method = TLSv1+
> >> verify_certificate = no
> >> require_certificate = no
> >> private_key = /etc/kamailio/keys/sip2.key
> >> certificate = /etc/kamailio/keys/sip2.crt
> >>
> >> --
> >> Best regards,
> >> Sergey Basov                     e-mail: sergey.v.basov at gmail.com
> >>
> >> _______________________________________________
> >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> >> sr-users at lists.sip-router.org
> >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> >
> > --
> > Daniel-Constantin Mierla
> > http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> > Kamailio Advanced Training, Berlin, Oct 24-26, 2016 -
> http://www.asipto.com
> >
> >
> > _______________________________________________
> > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> > sr-users at lists.sip-router.org
> > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20161025/245d13e9/attachment.html>

More information about the sr-users mailing list