[SR-Users] TLS challenge
Julien Chavanton
jchavanton at gmail.com
Thu Feb 7 17:46:11 CET 2019
Not sure if the logs a clear on what/when connection is rejected.
I can share a few troubleshooting hints :
1: Check if you are using the setting require_certificate try to set it to
no and test again.
2: You can verify that you can connect to our proxy using libssl
openssl s_client -showcerts -debug -verify_hostname <yourdomain.com>
-servername <yourdomain.com> -connect <yourdomain.com>:5061
This command will produce a detailed report,
if the connection does not work you may need to add the root CA from
letsencrypt
https://letsencrypt.org/certificates/
(If your Linux OS is a bit old, this will be the case)
You can test with :
openssl s_client -showcerts -debug -verify_hostname <yourdomain.com>
-servername <yourdomain.com> -connect <yourdomain.com>:5061 -CAfile
/etc/ssl/certs/isrgrootx1.pem
3: take a full TCP trace using tcpdump and look at the handshake, you may
learn more about the failure/rejection
Hope this will help you, to save some of your hair
Julien
On Thu, Feb 7, 2019 at 1:29 AM Gertjan Wolzak <g.wolzak at kazlow.nl> wrote:
>
>
> Hello Kamailions,
>
> Julien, thank you for the help, I have added the letsencrypt ca
> certificate to the ca list, still no dice.
>
> So, still got lots of questions, but after my last booboo going to do some
> more research and testing. When I have no more hair left will get back to
> the list.
>
> Thanks for now.
>
> Rgds,
>
> Gertjan Wolzak
>
>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190207/e5d3e3ff/attachment.html>
More information about the sr-users
mailing list