> Date: Thu, 9 Sep 2010 16:17:18 +0200 > From: klaus.mailingli...@pernau.at > To: betergr...@live.com > CC: sr-users@lists.sip-router.org > Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate > > > > Am 09.09.2010 12:00, schrieb peter_green lion: > > > > > Date: Thu, 9 Sep 2010 11:13:19 +0200 > > > From: klaus.mailingli...@pernau.at > > > To: betergr...@live.com > > > CC: sr-users@lists.sip-router.org > > > Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate > > > > > > > > > > > > Am 09.09.2010 10:17, schrieb peter_green lion: > > > > hi all, > > > > i have configure tls support as this link: > > > > http://www.kamailio.org/docs/tls-devel.html#id2451496 > > > > and i add certificate to 3CX sip phone is "cacert.pem" but when i > > > > register sip phone, the log file in kamailio server is : > > > > > > > > Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls > > > > [tls_server.c:392]: SSL error:error:14094412:SSL > > > > routines:SSL3_READ_BYTES:sslv3 alert bad certificate > > > > > > I think the means that the SIP phone sends the ALERT because the it does > > > not accept the certificate of the server. So you h ave to debug why the > > > SIP phone does not accept the certificate. > > > > > > You really should test with another SIP client first. > > > > > > regards > > > Klaus > > > > > > > > > > > my configure in kamailio.cfg as : > > > > > > > > modparam("tls", "tls_method", "TLSv1") > > > > modparam("tls", "tls_method", "SSLv23") > > > > modparam("tls", "certificate", > > > > "/usr/local/etc/kamailio//tls/user/user-cert.pem") > > > > modparam("tls", "private_key", > > > > "/usr/local/etc/kamailio//tls/user/user-privkey.pem") > > > > modparam("tls", "ca_list", > > > > "/usr/local/etc/kamailio//tls/user/user-calist.pem") > > > > modparam("tls", "verify_certificate",0 ) > > > > modparam("tls", "require_certificate",0 ) > > > > > > > > > > > > please suggest to fix this error. > > > > thanks and regards. > > > > Peter Green. > > > > > > > > > > > > > > > > _ ______________________________________________ > > > > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > > > > sr-users@lists.sip-router.org > > > > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > > > > > hi Klaus, > > i add certificate to internet explorer, but it fail: > > when i view this certificate i see that error: > > > > "this certificate has expired or is not yet valid" > > > > is mean this certificate is wrong ? > > Yes. It is either expired or not yet valid! > > > > so how do i make it correct ? > > Hope this ends this endless conversation > > http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates > > regards > klaus > hi Klaus, I hope i could close this question, but i cannot make it work. i did as the document which you send me. and when i test certificate with command as: [r...@appliance kamailio]# openssl s_client -connect localhost:5061 -tls1 -CAfile /etc/certs/demoCA/cert.pem CONNECTED(00000003) depth=1 /C=AT/ST=Vienna/L=Vienna/O=My private CA/CN=My private CA verify return:1 depth=0 /C=AT/ST=Berkshire/L=Berlin/O=berlin-calling.com/CN=berlin-calling.com verify return:1 2962:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40 2962:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: [r...@appliance kamailio]# openssl s_client -connect localhost:5061 -ssl2 -CAfile /etc/certs/demoCA/cert.pem CONNECTED(00000003) depth=1 /C=AT/ST=Vienna/L=Vienna/O=My private CA/CN=My private CA verify return:1 depth=0 /C=AT/ST=Berkshire/L=Berlin/O=berlin-calling.com/CN=berlin-calling.com verify return:1 2963:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: [r...@appliance kamailio]# openssl s_client -connect localhost:5061 -ssl3 -CAfile /etc/certs/demoCA/cert.pem CONNECTED(00000003) depth=1 /C=AT/ST=Vienna/L=Vienna/O=My private CA/CN=My private CA verify return:1 depth=0 /C=AT/ST=Berkshire/L=Berlin/O=berlin-calling.com/CN=berlin-calling.com verify return:1 2964:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40 2964:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: and i have the same error as last email. please help me to handle this error. thanks for help me. regards, Peter Green.
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
