I couldn't follow what exactly you did, but you should:

1. create a self-signed CA certificate

2. create private and public key for server. Make certificate signing request (CSR) from the public key. Sign this CSR with the CA certificate - this will give you the server certificate.

3. configure in Kamailio the server's public key (certificate), the server's private key and the CA certificate as CA list.

4. Import the CA certificate into the TLS client (e.g. the SIP client)

You can test if the Kamailio configuration works by using a browser, e.g.:

- surf with Internet Explorer to
   https://domain.name.ofyour.sipproxy:5061/
  This should give you a certificate warning (do NOT accept the certificate)

- close Internet Explorer

- import CA certificate into Windows certificate store

- surf with Internet Explorer again to
   https://domain.name.ofyour.sipproxy:5061/
  This time there should not be any certificate warning.


You can also try other SIP clients, e.g. eyebeam (uses Windows certificate store), twinkle (Linux) or QjSimple (lets you specify the CA file manually, do not configure client certificate and private key)

regards
klaus

Am 06.09.2010 20:15, schrieb peter_green lion:
 > Date: Mon, 6 Sep 2010 14:34:35 +0200
 > From: klaus.mailingli...@pernau.at
 > To: betergr...@live.com
 > CC: sr-users@lists.sip-router.org
 > Subject: Re: [SR-Users] please help to register sip phone to kamailio server via tls support.
 >
 >
 >
 > Am 06.09.2010 11:19, schrieb peter_green lion:
 > > I have the same problem when adding user-privkey.pem in the SIP client; I use
 > > 3CX soft phone.
 >
 > You have to import the self-signed certificate of the root CA which
 > signed the server certificate. Maybe "cakey.pem" ?
 >
 > Probably you have to read some certificate and openssl howtos to get
 > proper background - SIP over TLS is just like HTTPS.
 >
 > regards
 > Klaus

Dear Klaus,
I tried to test with all the .pem files in the ca directory, but I get the same error.
I tried to verify the cert files and got:

openssl verify calist.pem
calist.pem: /C=vn/ST=hcm/L=htk/O=inc/OU=4/CN=kamailio
error 18 at 0 depth lookup:self signed certificate
OK

openssl verify privkey.pem
unable to load certificate
2904:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE


openssl verify ser1_cert.pem

error 20 at 0 depth lookup:unable to get local issuer certificate

So is this my problem?
Thanks for the help.
Peter Green
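
The four steps listed at the top of this message, together with the `openssl verify` checks shown in the quoted output, as an added shell example that is not part of the original thread. The file names, the host name `sip.example.test`, the key size and the lifetimes are assumptions.

```shell
#!/bin/sh
# Added example. File names, host name, key size and lifetimes are assumptions.

# Steps 1-2: self-signed CA, then a server key, CSR and CA-signed certificate.
make_pki() {
    mkdir -p "$1" || return 1
    # Step 1: CA key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca_cert.pem" 2>/dev/null || return 1
    # Step 2: server key pair and CSR (the CSR carries the public key).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server_key.pem" -out "$1/server.csr" 2>/dev/null || return 1
    # Step 2: the CA signs the CSR, producing the server certificate.
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/ca_cert.pem" -CAkey "$1/ca_key.pem" -CAcreateserial \
        -out "$1/server_cert.pem" 2>/dev/null || return 1
}

# Chain check with the CA supplied as trust anchor: exits 0 on success.
verify_with_ca() { openssl verify -CAfile "$1/ca_cert.pem" "$1/server_cert.pem"; }

# Same check without -CAfile: the issuer is unknown, so verification fails
# (the "unable to get local issuer certificate" case).
verify_without_ca() { openssl verify "$1/server_cert.pem"; }

# Passing a private key to "openssl verify" fails: it is not a certificate.
verify_key_file() { openssl verify "$1/server_key.pem"; }

# Step 3 sanity check: the private key must belong to the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/server_cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/server_key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a scratch directory. For steps 3 and 4, the server gets
# server_cert.pem, server_key.pem and ca_cert.pem; clients import ca_cert.pem only.
work=$(mktemp -d) && make_pki "$work" sip.example.test &&
    verify_with_ca "$work" && key_matches_cert "$work" &&
    echo "private key matches certificate"
verify_without_ca "$work" || echo "no trust anchor given: verification failed"
rm -rf "$work"
```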



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
