Hello,
your problems are probably not related to the certificate authority. Many people use
Let's Encrypt with Kamailio without problems. But other vendors of course work as well.
Cheers,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of ThanhTruong
Sent: Saturday, July 17, 2021 6:57 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] please help to configure tls in kamailio for webrtc client like simpl5
Hello everyone,
Could a good SSL work in my case? Like if I got it from Comodo or something like that.
Could it work?
I really need it to work; if someone can help me, ping me on Skype: voipmanvn
Thank you in advance.
ThanhTruong
On Jul 16, 2021, at 00:04, ThanhTruong <thanhtruong217@gmail.com> wrote:
Hi Fred,
I do not need the client to present a cert as well. I think that is your last question.
BTW, my Kamailio is behind NAT and advertises the public IP.
So, does it affect the WebSocket and TLS configuration?
I have something in kamailio.cfg like:
#!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT advertise mydomain.com:MY_WSS_PORT!g"
Thanks
ThanhTruong
On Jul 15, 2021, at 22:28, ThanhTruong <thanhtruong217@gmail.com> wrote:
Hello Fred and all,
I set it to no and tried again, same issue.
This is tls.cfg:
[server:default]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/letsencrypt/live/mydomain.com/privkey.pem
certificate = /etc/letsencrypt/live/mydomain.com/fullchain.pem
[client:default]
verify_certificate = no
require_certificate = no
And the log is the same:
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 27.65.214.194
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/tcp_main.c:1174]: tcpconn_new(): on port 64742, type 3, socket 40
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/tcp_main.c:1493]: tcpconn_add(): hashes: 303:768:633, 1
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e300aa0, 40, 2,
0x7fb1a8451258), fd_no=32
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e300aa0, 40, -1, 0x0)
fd_no=33 called
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/tcp_main.c:4456]: handle_tcpconn_ev(): sending to child, events 1
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/tcp_main.c:4126]: send2child(): selected tcp worker idx:0 proc:10 pid:24060 for
activity on [tls:172.31.44.170:4443], 0x7fb1a8451258
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_read.c:1749]: handle_io(): received n=8 con=0x7fb1a8451258, fd=9
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:199]:
tls_complete_init(): completing tls connection initialization
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:228]:
tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb1a82d20a8 ctx
0x7fb1a83242e8 sn [])
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:1177]:
tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb1a83242e8: (nil)
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:747]:
sr_ssl_ctx_info_callback(): SSL handshake started
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:948]:
tls_server_name_cb(): received server_name (TLS extension): 'mydomain.com'
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:967]:
tls_server_name_cb(): TLS cfg domain selected for received server name [mydomain.com]:
socket [:0] server name='' - switching SSL CTX to 0x7fb1a83242e8 dom 0x7fb1a82d20a8 (default)
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_main.c:2705]: tcpconn_do_send(): sending...
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_main.c:2738]: tcpconn_do_send(): after real write: c= 0x7fb1a8451258 n=4593
fd=9
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_main.c:2739]: tcpconn_do_send(): buf=#012#026#003#003
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e36c740, 9, 2,
0x7fb1a8451258), fd_no=1
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:1177]:
tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb1a83242e8: (nil)
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:759]:
sr_ssl_ctx_info_callback(): SSL handshake done
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:747]:
sr_ssl_ctx_info_callback(): SSL handshake started
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:751]:
sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:759]:
sr_ssl_ctx_info_callback(): SSL handshake done
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:747]:
sr_ssl_ctx_info_callback(): SSL handshake started
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:751]:
sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:759]:
sr_ssl_ctx_info_callback(): SSL handshake done
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:424]:
tls_accept(): TLS accept successful
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:431]:
tls_accept(): tls_accept: new connection from 27.65.214.194:64742 using TLSv1.3
TLS_AES_256_GCM_SHA384 256
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:434]:
tls_accept(): tls_accept: local socket: 172.31.44.170:4443
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:445]:
tls_accept(): tls_accept: client did not present a certificate
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:1199]:
tls_h_read_f(): Reading on a renegotiation of connection (n:569) (0)
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_read.c:1515]: tcp_read_req(): EOF
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e36c740, 9, -1, 0x10)
fd_no=2 called
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_read.c:1884]: handle_io(): removing from list 0x7fb1a8451258 id 1 fd 9, state 2,
flags 4018, main fd 40, refcnt 2 ([27.65.214.194]:64742 -> [27.65.214.194]:4443)
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_read.c:1668]: release_tcpconn(): releasing con 0x7fb1a8451258, state -1, fd=9,
id=1 ([27.65.214.194]:64742 -> [27.65.214.194]:4443)
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core>
[core/tcp_read.c:1672]: release_tcpconn(): extra_data 0x7fb1a8431bc8
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core>
[core/tcp_main.c:3558]: handle_tcp_child(): reader response= 7fb1a8451258, -1 from 0
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: tls [tls_server.c:683]:
tls_h_tcpconn_close_f(): Closing SSL connection 0x7fb1a8431bc8
:)
Thanks,
Thanhtruong
On Jul 15, 2021, at 22:17, Fred Posner <fred@palner.com> wrote:
On 7/15/21 11:12 AM, ThanhTruong wrote:
I am not sure what the issue is.
Well, you are currently requiring a client certificate. If you are not
meaning to do this, set that to no.
--
Fred Posner -- www.palner.com
Matrix: @fred:matrix.lod.com
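
A triage helper for the debug log quoted in this thread, added here as an example and not part of any poster's message or of Kamailio itself: it reduces one connection's lines to whether the TLS handshake completed and how the connection ended. The regular expressions assume the line layout seen in the quoted log, and the names `summarize` and `verdict` are illustrative.

```python
import re

# Excerpt of the log quoted in the thread, with the wrapped lines rejoined.
SAMPLE_LOG = """\
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:948]: tls_server_name_cb(): received server_name (TLS extension): 'mydomain.com'
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from 27.65.214.194:64742 using TLSv1.3 TLS_AES_256_GCM_SHA384 256
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate
Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_read.c:1515]: tcp_read_req(): EOF
"""

# Assumed layout: "... kamailio[PID]: LEVEL: MODULE [file.c:line]: func(): message"
LINE = re.compile(r"kamailio\[(?P<pid>\d+)\]: \w+: \S+ \[[^\]]+\]: (?P<func>\w+)\(\): (?P<msg>.*)$")
ACCEPT = re.compile(r"new connection from (\S+):(\d+) using (\S+) (\S+)")
SNI = re.compile(r"received server_name \(TLS extension\): '([^']*)'")

def summarize(log_text):
    """Reduce the debug lines of one connection to the facts needed for triage."""
    s = {"sni": None, "peer": None, "protocol": None, "cipher": None,
         "handshake_ok": False, "client_cert": None, "eof_after_accept": False}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        func, msg = m["func"], m["msg"]
        if func == "tls_server_name_cb" and (sni := SNI.search(msg)):
            s["sni"] = sni.group(1)
        elif func == "tls_accept":
            if "TLS accept successful" in msg:
                s["handshake_ok"] = True
            elif (a := ACCEPT.search(msg)):
                s["peer"] = f"{a.group(1)}:{a.group(2)}"
                s["protocol"], s["cipher"] = a.group(3), a.group(4)
            elif "did not present a certificate" in msg:
                s["client_cert"] = False
        elif func == "tcp_read_req" and msg.strip() == "EOF":
            # EOF only tells us something about TLS if the accept already succeeded.
            s["eof_after_accept"] = s["handshake_ok"]
    return s

def verdict(s):
    """One-line triage result; the wording is this example's, not Kamailio output."""
    if not s["handshake_ok"]:
        return "no successful TLS accept in these lines"
    how = "peer closed (EOF) after the handshake" if s["eof_after_accept"] else "no EOF seen"
    return f"handshake OK for {s['sni']} from {s['peer']} ({s['protocol']} {s['cipher']}); {how}"

if __name__ == "__main__":
    print(verdict(summarize(SAMPLE_LOG)))
```
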