[SR-Users] TLS issue

M Arqum CH marqumch at gmail.com
Fri Aug 19 23:12:09 CEST 2022 

Hi Henning,
Thank you for your reply.
yes there is ca_list parameter .. but no idea from where i can get that
list.
can you please guide me on how to get ca_list, how would I generate
ca_list.

thanks

On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <hw at gilawa.com> wrote:

> Hello,
>
>
>
> try to add the „ca_list” parameter to your ca file, it seems an error
> related to that.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *M
> Arqum CH
> *Sent:* Thursday, August 18, 2022 10:49 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* [SR-Users] TLS issue
>
>
>
> Dear All,
>
> Thank you in advance .
>
>
>
> Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon
> linux server.
>
>
>
> Getting this error.
>
>
>
> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
> ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error
> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
> ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL
> routines:ssl3_read_bytes:tlsv1 alert unknown ca
> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
> ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr:
> 143.198.11.1:62033  ///client ip
> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
> ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061
> ///ec2 local ip
> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
> ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req:
> error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)
>
>
>
> TLS Config
>
> [server:default]
> method = TLSv1+
> verify_certificate = no
> require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem
> private_key=/usr/local/ssl/certs/fullkey.pem
> server_name = abc.domain
>
>
>
>
>
> Also tried this conf
>
> [server:default]
> method =  TLSv1+ ///tries all version options
>
>
> verify_certificate = no
> require_certificate = no
> certificate=/usr/local/ssl/certs/ abc.domain.crt
> private_key=/usr/local/ssl/certs/ abc.domain.key
> server_name = abc.domain.link
>
>
>
> openssl version
> OpenSSL 1.0.2k-fips  26 Jan 2017
>
>
>
>
>
>
>
> please guide.
>
>
>
>
>
> --
>
> Regards
>
> Arqum
>


-- 
Regards
M Arqum
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220820/b1e225fc/attachment.htm>

More information about the sr-users mailing list