On Thu, Feb 6, 2014 at 3:26 AM, jaflong jaflong <jaflong@yandex.com> wrote:

This is my tls.cfg for server

[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/asterisk/certs/proxy.key
certificate = /etc/asterisk/certs/proxy.crt

As far as I understand (verify_certificate = no), and (require_certificate = no) should allow a client connecting
without certicates.

Can anyone understand what this debug indicates

What is causes this error
tls_read_f(): TLS read:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

http://lists.sip-router.org/pipermail/sr-users/2010-September/065259.html

The client is rejecting the certificate. In your client, you need to either import the CA or
server certificate, or turn of certificate verification. I ran into this error just yesterday and
can attest to the solution, which in my case was that I used the wrong certificate in

Kamailio.

Corey