Re: [SR-Users] TLS with self-singned certificates

Mon, 07 Jan 2013 07:30:29 -0800 

It depends on what you want to configure.
If the softswitch shall be authenticated by TLS then of course you have to set "require_certificate=yes". 


Further, find out why the handshake fails. Use tcpdump/wireshark to find 
out who sends the SSL alert. It seems the softswitch sends the alert: 
thus make sure that the softswitch is configured with the correct 
certificate and also provide the softswitch with the CA certificate (or 
the self-signed certificate) of Kamailio's certificate.


See also:
http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:tls
http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging

regards
Klaus

On 04.01.2013 18:30, Iurii Andamasov wrote:

other side is softswitch, not an softphone,
other side also use selfsigned certificate
should i set
require_certificate = no
?
On 04.01.2013, at 14:49, Daniel-Constantin Mierla <mico...@gmail.com
<mailto:mico...@gmail.com>> wrote:


Hello,

is the sip phone presenting a certificate? You require that in the
server part of tls.cfg.

Cheers,
Daniel

On 1/4/13 10:44 AM, Iurii Andamasov wrote:

Hello,
trying setup kamailio with TLS, have 2 peers,
tls.cfg:
http://pastebin.com/DvdDzx0v
i'm getting
Jan  4 10:38:43 fs-tls /usr/sbin/kamailio[3798]: ERROR: tls
[tls_server.c:1190]: TLS read:error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Can someone point me to solution?
Thanks


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla -http://www.asipto.com
http://twitter.com/#!/miconda  -http://www.linkedin.com/in/miconda




_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users






















					Reply via email to