[SR-Users] TLS issue

Ankit Jayswal ankit.jayswal at engagely.ai
Mon Aug 22 06:39:55 CEST 2022 

Hello,
For adding the CA list below is the article that can help you.

*https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/
<https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/>*

Search the line, *find / -name cacert.pem* there you will find the steps to
get it.
But in my case it works without *ca_list* also.


On Sat, Aug 20, 2022 at 2:45 AM M Arqum CH <marqumch at gmail.com> wrote:

> Hi Henning,
> Thank you for your reply.
> yes there is ca_list parameter .. but no idea from where i can get that
> list.
> can you please guide me on how to get ca_list, how would I generate
> ca_list.
>
> thanks
>
> On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <hw at gilawa.com> wrote:
>
>> Hello,
>>
>>
>>
>> try to add the „ca_list” parameter to your ca file, it seems an error
>> related to that.
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Henning
>>
>>
>>
>> --
>>
>> Henning Westerholt – https://skalatan.de/blog/
>>
>> Kamailio services – https://gilawa.com
>>
>>
>>
>> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *M
>> Arqum CH
>> *Sent:* Thursday, August 18, 2022 10:49 PM
>> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
>> *Subject:* [SR-Users] TLS issue
>>
>>
>>
>> Dear All,
>>
>> Thank you in advance .
>>
>>
>>
>> Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon
>> linux server.
>>
>>
>>
>> Getting this error.
>>
>>
>>
>> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
>> ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error
>> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
>> ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL
>> routines:ssl3_read_bytes:tlsv1 alert unknown ca
>> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
>> ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr:
>> 143.198.11.1:62033  ///client ip
>> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
>> ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr:
>> 172.36.53.1:5061 ///ec2 local ip
>> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]:
>> ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req:
>> error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)
>>
>>
>>
>> TLS Config
>>
>> [server:default]
>> method = TLSv1+
>> verify_certificate = no
>> require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem
>> private_key=/usr/local/ssl/certs/fullkey.pem
>> server_name = abc.domain
>>
>>
>>
>>
>>
>> Also tried this conf
>>
>> [server:default]
>> method =  TLSv1+ ///tries all version options
>>
>>
>> verify_certificate = no
>> require_certificate = no
>> certificate=/usr/local/ssl/certs/ abc.domain.crt
>> private_key=/usr/local/ssl/certs/ abc.domain.key
>> server_name = abc.domain.link
>>
>>
>>
>> openssl version
>> OpenSSL 1.0.2k-fips  26 Jan 2017
>>
>>
>>
>>
>>
>>
>>
>> please guide.
>>
>>
>>
>>
>>
>> --
>>
>> Regards
>>
>> Arqum
>>
>
>
> --
> Regards
> M Arqum
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220822/f02764bb/attachment.htm>

More information about the sr-users mailing list