Hello,

 

your problems are probably not related to the certificate authority. Many people use letsencrypt with Kamailio without problems. But other vendors of course works as well.

 

Cheers,

 

Henning

 

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of ThanhTruong
Sent: Saturday, July 17, 2021 6:57 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] please help to configure tls in kamailio for webrtc client like simpl5

 

Hello everyone,

 

Could a good SSL work on my case ? Like if i got it from Comodo or something like that. Could it work ?

 

I really need it work, if someone can help me, ping me on skype : voipmanvn

 

Thank you in advance.

ThanhTruong



On Jul 16, 2021, at 00:04, ThanhTruong <thanhtruong217@gmail.com> wrote:

 

 

Hi Fred,

 

i do not need client to present cert as well. i think that is your last question.

 

BTW, my kamailio is in NAT and has advertise on public IP. 

 

So, does it effect on websocket and tls configuration ?

 

I have something in kamailio.cfg like:

 

 

#!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT advertise mydomain.com:MY_WSS_PORT!g"



Thanks

ThanhTruong

 



On Jul 15, 2021, at 22:28, ThanhTruong <thanhtruong217@gmail.com> wrote:

 

Hello Fred and all,

 

I set to no and try again, same issue.

 

this is tls.cfg

 

[server:default]

method = TLSv1+

verify_certificate = no

require_certificate = no

private_key = /etc/letsencrypt/live/mydomain.com/privkey.pem

certificate = /etc/letsencrypt/live/mydomain.com/fullchain.pem

 

[client:default]

verify_certificate = no

require_certificate = no







 

and log is same

 

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 27.65.214.194

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/tcp_main.c:1174]: tcpconn_new(): on port 64742, type 3, socket 40

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/tcp_main.c:1493]: tcpconn_add(): hashes: 303:768:633, 1

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e300aa0, 40, 2, 0x7fb1a8451258), fd_no=32

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e300aa0, 40, -1, 0x0) fd_no=33 called

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/tcp_main.c:4456]: handle_tcpconn_ev(): sending to child, events 1

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/tcp_main.c:4126]: send2child(): selected tcp worker idx:0 proc:10 pid:24060 for activity on [tls:172.31.44.170:4443], 0x7fb1a8451258

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_read.c:1749]: handle_io(): received n=8 con=0x7fb1a8451258, fd=9

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fb1a82d20a8 ctx 0x7fb1a83242e8 sn [])

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb1a83242e8: (nil)

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:948]: tls_server_name_cb(): received server_name (TLS extension): 'mydomain.com'

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:967]: tls_server_name_cb(): TLS cfg domain selected for received server name [mydomain.com]: socket [:0] server name='' - switching SSL CTX to 0x7fb1a83242e8 dom 0x7fb1a82d20a8 (default)

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_main.c:2705]: tcpconn_do_send(): sending...

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_main.c:2738]: tcpconn_do_send(): after real write: c= 0x7fb1a8451258 n=4593 fd=9

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_main.c:2739]: tcpconn_do_send(): buf=#012#026#003#003

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e36c740, 9, 2, 0x7fb1a8451258), fd_no=1

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7fb1a83242e8: (nil)

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from 27.65.214.194:64742 using TLSv1.3 TLS_AES_256_GCM_SHA384 256

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: 172.31.44.170:4443

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls [tls_server.c:1199]: tls_h_read_f(): Reading on a renegotiation of connection (n:569) (0)

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_read.c:1515]: tcp_read_req(): EOF

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e36c740, 9, -1, 0x10) fd_no=2 called

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_read.c:1884]: handle_io(): removing from list 0x7fb1a8451258 id 1 fd 9, state 2, flags 4018, main fd 40, refcnt 2 ([27.65.214.194]:64742 -> [27.65.214.194]:4443)

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_read.c:1668]: release_tcpconn(): releasing con 0x7fb1a8451258, state -1, fd=9, id=1 ([27.65.214.194]:64742 -> [27.65.214.194]:4443)

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> [core/tcp_read.c:1672]: release_tcpconn(): extra_data 0x7fb1a8431bc8

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> [core/tcp_main.c:3558]: handle_tcp_child(): reader response= 7fb1a8451258, -1 from 0

Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: tls [tls_server.c:683]: tls_h_tcpconn_close_f(): Closing SSL connection 0x7fb1a8431bc8





 

:)

 

Thanks,

Thanhtruong



On Jul 15, 2021, at 22:17, Fred Posner <fred@palner.com> wrote:

 

On 7/15/21 11:12 AM, ThanhTruong wrote:

i am not sure what is the issue.


Well, you are currently requiring a client certificate. If you are not
meaning to do this, set that to no.

--
Fred Posner -- www.palner.com
Matrix: @fred:matrix.lod.com