Hi Muhammad

 

Can you try your tls cfg as below and make sure your certificates have the right permissions.

 

[server:default]

method = TLSv1.2+

verify_certificate = no

require_certificate = no

private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem

certificate = /etc/letsencypt/live/MYDOMAIN/fullchain.pem

 

[client:default]

method = TLSv1.2+

verify_certificate = no

require_certificate = no

private_key = /etc/letsencrypt/live/MYDOMAIN/privkey.pem

certificate = /etc/letsencrypt/live/MYDOMAIN/fullchain.pem

From: Muhammad Sohaib via sr-users [mailto:sr-users@lists.kamailio.org]
Sent: Thursday, 15 August 2024 3:46 PM
To: Kamailio (SER) - Users Mailing List
Cc: Muhammad Sohaib
Subject: [SR-Users] certificate verify failed (sni: unknown) integration with ms teams

 

Dear all,

 

Trying to integrate Kamailio with MS Teams by following https://skalatan.de/en/blog/kamailio-sbc-teams

 

kamcmd dispatcher.list | egrep "URI|FLAGS" 

                                        URI: sip:sip.pstnhub.microsoft.com;transport=tls
                                        FLAGS: IP
                                        URI: sip:sip2.pstnhub.microsoft.com;transport=tls
                                        FLAGS: IP
                                        URI: sip:sip3.pstnhub.microsoft.com;transport=tls
                                        FLAGS: IP

 

Kamailio Logs:

/usr/local/sbin/kamailio[412158]: INFO: <script>: Sent out tm request:
OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012
Via: SIP/2.0/TLS x.x.x.x:5061;branch=z9hG4bK5dad.92de50b2000000000000000000000000.0#015#012
To: <sip:sip.pstnhub.microsoft.com;transport=tls>#015#012
From: <sip:test.mytest.com>;tag=5d0939b82abe9b1bbf185d963b6e6c88-edeb3c71#015#012
CSeq: 10 OPTIONS#015#012
Call-ID: 2db6bede5631d9b6-412158@88.99.244.106#015#012
Max-Forwards: 70#015#012Content-Length: 0#015#012
User-Agent: kamailio (5.8.2 (x86_64/linux))

/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol level error
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS write:error:0A000086:SSL routines::certificate verify failed (sni: unknown)
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1316]: tls_h_read_f(): src addr: 52.114.75.24:5061
/usr/local/sbin/kamailio[412165]: ERROR: tls [tls_server.c:1319]: tls_h_read_f(): dst addr: x.x.x.x:0
/usr/local/sbin/kamailio[412165]: ERROR: <core> [core/tcp_read.c:1524]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fa74d265d40 r: 0x7fa74d265e68 (-1)


tls.cfg:

[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
server_name = test.mytest.com

[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/test.mytest.com/privkey.pem
certificate = /etc/letsencrypt/live/test.mytest.com/fullchain.pem
ca_list = /etc/letsencrypt/live/test.mytest.com/fullchain.pem

Please suggest what I am missing. 

---

Thanks,