For me it works without problems:
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
I created my certificates with the tutorial from
Then, I imported the CA's certificate into Internet Explorer's
certificate store.
regards
klaus
yanlin wrote:
Hi, all,
i have been trying to test TLS support on OpenSER with EyeBeam client, but in no vain.
OpenSER keep complaining that "client did not present a certificate".
really need help! thanks in advance.
here is some info of my environment:
1) OpenSER 1.2 and EyeBeam 1.5
2) run "openserctl tls rootCA", create "cacert.pem" under
/etc/openser/tls/rootCA/.
3) run "openserctl tls userCERT", create "user-calist.pem user-cert.pem
user-cert_req.pem user-privkey.pem" under /etc/openser/tls/user/.
4) i have set openser.cfg as follow:
disable_tls = 0
listen = tls:172.22.14.61:5061
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = /etc/openser/tls/user/user-cert.pem"
tls_private_key = "/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/etc/openser/tls/user/user-calist.pem"
5) copy "/etc/openser/tls/rootCA/cacert.pem" created at step 2) to EyeBeam
clinet machine, which was a Windows XP machine, run "certmrg.msc" there, import
this certificate to WindowXP "root certificate store".
when run ... error occur. OpenSER complaint that "client did not present a
certificate", and EyeBeam receive a "503 certificate name mismath".
Any advise will be very appreciate !!
yan lin
yanlin(a)fortinet.com
2007-3-26
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users