Hi, Thank you Vangelis for your answer. I tried the extra parameters what you advised, but I see same problem. Yes, the cert is wildcard SSL cert. Is it not supported by Kannel?
Best regards, KAMI Feladó: Vangelis Typaldos <vty...@outlook.com> Küldve: 2018. december 4. 19:18 Címzett: Szalai Kálmán <szalai.kal...@ulyssys.hu>; users@kannel.org Tárgy: Re: Use cert chain in SSL settings It seems you are using an SNI certificate (that is, sharing multiple SSL hosts on a single IP address). You should correct the openssl s_client command to openssl s_client -showcerts -servername www.example.com<http://www.example.com> -connect www.example.com:443<http://www.example.com:443> I'm not sure that kannel support SNI certificates though Best Regards, ________________________________ From: users <users-boun...@kannel.org<mailto:users-boun...@kannel.org>> on behalf of Szalai Kálmán <szalai.kal...@ulyssys.hu<mailto:szalai.kal...@ulyssys.hu>> Sent: Tuesday, December 4, 2018 11:22 AM To: users@kannel.org<mailto:users@kannel.org> Subject: Use cert chain in SSL settings Dear All, How can I set to use SSL in sendsms and admin and providing CA cert chain? I used settings from documentation: To use the SSL-enabled HTTP server please use the following configuration directive within the core and smsbox groups group = core ... ssl-server-cert-file = "filename" ssl-server-key-file = "filename" group = smsbox ... sendsms-port-ssl = true I tried to add my cert chain to ssl-server-cert-file file, but it is still providing only one cert, not the chain. I found ssl-trusted-ca-file option but it is not for server certs, isn't it? openssl s_client command output: CONNECTED(00000003) depth=0 CN = *. example.hu verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = *.example.hu verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/CN=*.example.hu i:/C=US/O=Cert Inc/OU=www.cert.com/CN=Cert RSA CA 2018 (domain name and cert retaled names were renamed.) So is there any way to provide full cert chain via kannel configuration? Thank you in advance! Best regards, KAMI Ez a levél vírus- és spammentes. | This e-mail is virus-free. Ez a levél vírus- és spammentes. | This e-mail is virus-free.
