Daniel-Constantin Mierla writes: > Is this by one ca_list only, or do you have many tls domains, each with > own profile?
just a single ca_list and tls domain. my tls.cfg looks like this: [client:default] verify_certificate = yes require_certificate = yes tls_method = TLSv1 private_key = /etc/sip-proxy/certs/sip-proxy/key.pem certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem #ca_list = /etc/sip-proxy/certs/demoCA/cert.pem ca_list = /etc/ssl/certs/ca-certificates.crt [server:default] verify_certificate = no require_certificate = no tls_method = SSLv23 private_key = /etc/sip-proxy/certs/sip-proxy/key.pem certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem #ca_list = /etc/sip-proxy/certs/demoCA/cert.pem ca_list = /etc/ssl/certs/ca-certificates.crt sending over tls works fine if i use line ca_list = /etc/sip-proxy/certs/demoCA/cert.pem where cert.pem contains just three ca certs one of them being cacert.org ca cert that i use in this test. -- juha _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
