26 Oct
2015
26 Oct
'15
11:05 a.m.
Hello,
On 25/10/15 13:10, Vladimer Gabunia wrote:
hello all.
we compiled kamailio with TLS Support. but have next problem when
using CRL Lits.
Our Certificate issuing scheme is follow:
Offline Root CA -> Enterprise SubCA -> Server and Phone Certificate
CRL list is signed by SubCA.
option "require client certificate is enables (1) "
When we enable CRL list, phones are not registered.
CA file is offline RootCA certificate in pem format.
We think that the reason is that СRL was signed by Subca or incorrect
CRL format.
CRL is converted from MS CRL to PEM. (What is the format for the CRL)
maybe someone have experiance with similar scenarios?
the readme file of the tls
module has some documentation about crl:
http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.crl
You can also try to run with debug=3 in kmailio.cfg and see more debug
messages about what happens internally.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat