[Users] Problem in TLS testing with minisip. Please help..Please...

Dear all, Thank you very much for this chance. Thank you. I am sorry, I have some questions. Can I ask you, Please? 1. All, I have build openser server with TLS support. I use openser-1.1.0-tls Now, I tried to test it by making a call by using softphone that supported TLS. Based on the suggestion from this forum, for testing it, I can use minisip. I have configured minisip like the installation note that I got when download it. But, I have a problem. I have error when running minisip and make a call in Windows XP. This is the error message : Starting MiniSIP ... welcome! libmutil: setupDefaultSignalHandling: No stack trace signal handler available Initializing NetUtil Creating SipSoftPhoneConfiguration init 1/9: Creating timeout provider init 2/9: Creating GUI Creating GTK GUI Setting contact db Thread 2 running - doing initParseConfig init 3/9: Parsing configuration file () WARNING: Could not determine home directory Config file version checked ok! SipIdentity::SipIdentity : cretated identity id=1 SipIdentity::setSipUri: sipUsername=<aldi> sipDomain=<pcr.ac.id> SipIdentity::setSipProxy: autodetect is false; userUri=aldi(a)pcr.ac.id; transport = UDP; proxyAddr=sip.pcr.ac.id; proxyPort=5060 SipProxy:setProxy(str) : addr = sip.pcr.ac.id SipIdentity::setProxy: manual sipproxy success ... SipIdentity::setProxy: else ... Identities: identity=1; username=aldi; domain=pcr.ac.id proxy=[proxyString=sip.pcr.a c.id; proxyString=sip.pcr.ac.id; port=5060; transport=UDP; autodetect=no; user=a ldi; password=aldi; expires=1000]; isRegistered=0 init 4/9: Creating IP provider Adapter Name: {DAF8C45E-7B2A-4D08-98AA-5E5091C3464D} Adapter Name: {6FFFD1E7-4BC6-426E-929D-E8292B7FC0DB} Adapter Name: {B926ACA5-8120-42A4-BAD7-AE95AA6708F0} SimpleIPProvider: localIp = SimpleIPProvider: preferred network interface = {DAF8C45E-7B2A-4D08-98AA-5E5091C 3464D} SimpleIPProvider: preferred interface found Minisip is using IP = 202.95.149.5 init 5/9: Creating MediaHandler Sound I/O: using Spatial Audio Mixer Adding audio codec: G.711 init 6/9: Creating MSip SIP stack init 7/9: Connecting GUI to SIP logic init 8.2/9: Starting TCP transport worker thread init 9/9: Registering Identities to registrar server Registering user aldi(a)pcr.ac.id to proxy sip.pcr.ac.id, requesting domain pcr.ac .id IP4Address(string): sip.pcr.ac.id (202.95.149.251) IP4Address(string): sip.pcr.ac.id (202.95.149.251) IP4Address(string): sip.pcr.ac.id (202.95.149.251) Before new mediaSession RtpReceiver:: final trying port = 34694 After new mediaSession Before addDialog After addDialog Before handleCommand After handleCommand Session::getSdpOffer: v=0 o=- 3344 3344 IN IP4 202.95.149.5 s=Minisip Session c=IN IP4 202.95.149.5 t=0 0 m=audio 34694 RTP/AVP 0 101 a=rtpmap:0 PCMU/8000/1 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 IP4Address(string): sip.pcr.ac.id (202.95.149.251) ERROR:(in IP6Address) Unknown host: <pcr.ac.id> What`s wrong? I have tried to analyze it, but I still do not understand about the error message. I do hope anybody can give me a suggestion. Please help me..Please. 2. In order minisip can use TLS, I have loaded a certificate from "certificate settings" menu. What kind of certificate that I have to load? Where I can load the certificate? Does it means the certificate that I use in openser.cfg? tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem" I mean, Do I have to copy user-cert.pem, user-privkey.pem, user-calist.pem to Client computer (using Windows XP), and load it by using "certificate setting" menu in minisip? Maybe my question is too much. I am sorry for that. I do hope anybody can give me a suggestion. Please help...this newbie one..Please... Thank you very much, Regards, Ferianto Note : Here is my openser.cfg file: debug=4 fork=no log_stderror=yes listen=200.95.149.251 # put your openserver IP address here port=5060 children=4 dns=no rev_dns=no fifo="/tmp/openser_fifo" fifo_db_url="mysql://openser:openserrw@localhost/openser" fifo_mode=0666 alias="pcr.ac.id" tls_port_no=5061 # uncomment the following lines for TLS support disable_tls = 0 listen = tls:200.95.149.251:5061 tls_verify_client = on tls_require_client_certificate = on tls_verify_server=on tls_method = TLSv1 tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem" loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/nathelper.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/permissions.so" modparam("auth_db|permissions|uri_db|usrloc","db_url", "mysql://openser:openserrw@localhost/openser") modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") modparam("usrloc", "db_mode", 2) modparam("registrar", "nat_flag", 6) modparam("rr", "enable_full_lr", 1) modparam("tm", "fr_inv_timer", 27) modparam("tm", "fr_inv_timer_avp", "s:inv_timeout") modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted") route { # ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); return; }; if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); return; }; # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- if (method!="REGISTER") { record_route(); }; if (method=="BYE" || method=="CANCEL") { unforce_rtp_proxy(); } # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route()) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (nat_uac_test("19")) { setflag(6); force_rport(); fix_nated_contact(); }; force_rtp_proxy("l"); }; route(1); return; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (uri!=myself) { route(5); route(1); return; }; if (uri==myself) { if (method=="ACK") { route(6); return; } else if (method=="CANCEL") { route(3); return; } else if (method=="INVITE") { route(3); return; } else if (method=="REGISTER") { route(2); return; }; lookup("aliases"); if (uri!=myself) { route(5); route(1); return; }; if (!lookup("location")) { sl_send_reply("404", "Uopenser Not Found"); return; }; }; route(1); } route[1] { # ----------------------------------------------------------------- # Default Message Handler # ----------------------------------------------------------------- t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" && isflagset(6)) { unforce_rtp_proxy(); }; sl_reply_error(); }; } route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact:\ +\*") && nat_uac_test("19")) { setflag(6); fix_nated_register(); force_rport(); }; if (!www_authorize("pcr.ac.id","subscriber")) { www_challenge("pcr.ac.id","0"); return; }; if (!check_to()) { sl_send_reply("401", "Unauthorized"); return; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } route[3] { # ----------------------------------------------------------------- # CANCEL and INVITE Message Handler # ----------------------------------------------------------------- if (nat_uac_test("19")) { setflag(6); } #if (!allow_trusted() && nat_uac_test("19")) { # setflag(6); #} lookup("aliases"); if (method=="INVITE" && !allow_trusted()) { if (!proxy_authorize("pcr.ac.id","subscriber")) { proxy_challenge("pcr.ac.id","0"); return; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); return; }; consume_credentials(); }; if (uri=~"^sip:9[0-9]*@") { route(4); return; }; if (uri!=myself) { route(5); route(1); return; }; if (!lookup("location")) { if (uri=~"^sip:[0-9]{10}@") { route(4); return; }; sl_send_reply("404", "Uopenser Not Found"); return; }; if (method=="CANCEL") { route(1); return; } if (isflagset(6)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); }; t_on_reply("1"); if (!t_relay()) { if(isflagset(6)) { unforce_rtp_proxy(); } sl_reply_error(); }; } route[4] { # ----------------------------------------------------------------- # PSTN Handler # ----------------------------------------------------------------- rewritehostport("200.95.149.254:5060"); # INOPENSERT YOUR PSTN GATEWAY IP ADDRESS # avp_write("i:45", "inv_timeout"); #if (!allow_trusted() && isflagset(6)) { if (isflagset(6)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); }; route(1); } onreply_route[1] { if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") { if (!search("^Content-Length:\ +0")) { force_rtp_proxy(); }; }; if (nat_uac_test("1")) { fix_nated_contact(); }; } --------------------------------- Stay in the know. Pulse on the new Yahoo.com. Check it out. --------------------------------- All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.