28 Dec
2006
28 Dec
'06
5:56 p.m.
Hello Ncheeku,
change to the directory with your ".pem" files:
/usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
Thanks a lot Steffen. Adding the new listen =
udp:10.30.100.41:5060 indeed
worked. How can I check the TLS handshake using openssl at the server?
Thanks a lot..
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello again,
maybe you should add the following line to test your non-TLS UAs:
disable_tls = 0
listen = udp:10.30.100.41:5060 <---
listen = tls:10.30.100.41:5061
You can check your TLS handshake by simulating your server with openssl.
Please have a look at the following link that describes the TLS support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Hi,
>
> I am trying to make my non-TLS/TLS UA register with my TLS enabled
openSER.
> Currently I am just working on my local
machine with the client UAs on
the
> same subnet,(so there is only one domain,
but its not named). Below is
my
> configuration file:
>
> disable_tls = 0
> listen = tls:10.30.100.41:5061
> tls_verify_server = 1
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> cert.pem"
> tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> privkey.pem"
> tls_ca_list =
> "usr/local/etc/openser/tls/user/user-calist.pem"
>
> However, with the above configuration the client UAs couldnot register
and I
> got 408 Request Time out Message. Is there
any field that is missing to
make
> this simple scenario work? What should be
the values of
"tls_client_domain"
> and "tls_server_domain" fields in
this case?
>
> I noticed that when I start the openSER without TLS support using
> "openserctl start" and do "ps -e" after that, there are more
openSER
> processes running than if I start openSER with TLS support in which case
I
see very
few of these processes running.
Your help is much appreciated....
Best regards,
NCheeku
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users