Hello,
you trimmed the output, but I guess that the connection stayed open and
no errors were printed in kamailio logs.
That means, kamailio is doing ok. If the web browser has issues
connecting over tls, then the problem is somewhere else. Check the
logs/console of the browser to see if you get any hints there.
You can also list the tcp/tls connection via RPC and see if the
connection you expect is there.
Cheers,
Daniel
On 20.05.20 10:30, Chirag Desai wrote:
Hi Daniel,
This is the result:
openssl s_client -connect sip.mydomain.com:5061
<http://sip.mydomain.com:5061> -tlsextdebug
CONNECTED(00000005)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04 ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 3b 06 9a e5-21 16 73 b1 db 04 55 47 ... ;.
..!.s...UG
0010 - 33 5a e0 98 af bf ba 3e-e6 0d 69 40 38 f8 c8 0b 3Z....
.>..i@8...
0020 - ed 79 f2 48 .y.H
TLS server extension "server name" (id=0), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority
X3
verify return:1
depth=0 CN =
sip.mydomain.com <http://sip.mydomain.com>
verify return:1
---
Certificate chain
0 s:CN =
sip.mydomain.com <http://sip.mydomain.com>
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[REDACTED]
-----END CERTIFICATE-----
subject=CN =
sip.mydomain.com <http://sip.mydomain.com>
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority
X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3115 bytes and written 400 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0