[Users] "client did not present a certificate"(OpenSER 1.2 +EyeBeam 1.5 + TLS) !! need help!!

yanlin yanlin at fortinet.com
Tue Mar 27 05:40:14 CEST 2007


Hi, klaus,

thanks for your response. 

you are right, it was not a problem with OpenSER, but with the domain certificate that i created.
when run, eyeBeam keep saying that "503  certificate name  mismath".

so i check the certificate name of OpenSER server, it was "JOE61", which was not the machine's domain name.
as the testing machine has no domain name. i used its IP as its domain name, then it works.

regards
yanlin
2007.3.27   

----------------------------------------------------------------------

For  me  it  works  without  problems:

tls_verify_server  =  1
tls_verify_client  =  0
tls_require_client_certificate  =  0

I  created  my  certificates  with  the  tutorial  from
http://www.eclectica.ca/howto/ssl-cert-howto.php

Then,  I  imported  the  CA's  certificate  into  Internet  Explorer's
certificate  store.

regards
klaus

yanlin  wrote:
>  Hi,  all,
>  
>  i  have  been  trying  to  test  TLS  support  on  OpenSER  with  EyeBeam  client,  but  in  no  vain.
>  OpenSER  keep  complaining  that  "client  did  not  present  a  certificate".
>  
>  really  need  help!  thanks  in  advance.
>  
>  here  is  some  info  of  my  environment:
>  1)  OpenSER  1.2  and  EyeBeam  1.5
>  2)  run  "openserctl  tls  rootCA",  create  "cacert.pem"  under  /etc/openser/tls/rootCA/.
>  3)  run  "openserctl  tls  userCERT",  create  "user-calist.pem    user-cert.pem    user-cert_req.pem    user-privkey.pem"  under  /etc/openser/tls/user/.  
>  4)  i  have  set  openser.cfg  as  follow:
>          disable_tls  =  0
>          listen  =  tls:172.22.14.61:5061
>          tls_verify_client  =  0
>          tls_require_client_certificate  =  0
>          tls_method  =  TLSv1
>          tls_certificate  =  /etc/openser/tls/user/user-cert.pem"
>          tls_private_key  =  "/etc/openser/tls/user/user-privkey.pem"
>          tls_ca_list  =  "/etc/openser/tls/user/user-calist.pem"
>  5)  copy  "/etc/openser/tls/rootCA/cacert.pem"  created  at  step  2)  to  EyeBeam  clinet  machine,  which  was  a  Windows  XP  machine,    run  "certmrg.msc"  there,  import  this  certificate  to  WindowXP  "root  certificate  store".
>  
>  when  run  ...    error  occur.  OpenSER  complaint  that  "client  did  not  present  a  certificate",  and  EyeBeam  receive  a  "503  certificate  name  mismath".
>  
>  Any  advise  will  be  very  appreciate  !!






More information about the Users mailing list