For me it works without problems:
tls_verify_server = 1 tls_verify_client = 0 tls_require_client_certificate = 0
I created my certificates with the tutorial from http://www.eclectica.ca/howto/ssl-cert-howto.php
Then, I imported the CA's certificate into Internet Explorer's certificate store.
regards klaus
yanlin wrote:
Hi, all,
i have been trying to test TLS support on OpenSER with EyeBeam client, but in no vain. OpenSER keep complaining that "client did not present a certificate".
really need help! thanks in advance.
here is some info of my environment:
- OpenSER 1.2 and EyeBeam 1.5
- run "openserctl tls rootCA", create "cacert.pem" under /etc/openser/tls/rootCA/.
- run "openserctl tls userCERT", create "user-calist.pem user-cert.pem user-cert_req.pem user-privkey.pem" under /etc/openser/tls/user/.
- i have set openser.cfg as follow: disable_tls = 0 listen = tls:172.22.14.61:5061 tls_verify_client = 0 tls_require_client_certificate = 0 tls_method = TLSv1 tls_certificate = /etc/openser/tls/user/user-cert.pem" tls_private_key = "/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "/etc/openser/tls/user/user-calist.pem"
- copy "/etc/openser/tls/rootCA/cacert.pem" created at step 2) to EyeBeam clinet machine, which was a Windows XP machine, run "certmrg.msc" there, import this certificate to WindowXP "root certificate store".
when run ... error occur. OpenSER complaint that "client did not present a certificate", and EyeBeam receive a "503 certificate name mismath".
Any advise will be very appreciate !!
yan lin yanlin@fortinet.com 2007-3-26
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users