It depends on what you want to configure.
If the softswitch shall be authenticated by TLS then of course you have to set "require_certificate=yes".
Further, find out why the handshake fails. Use tcpdump/wireshark to find out who sends the SSL alert. It seems the softswitch sends the alert: thus make sure that the softswitch is configured with the correct certificate and also provide the softswitch with the CA certificate (or the self-signed certificate) of Kamailio's certificate.
See also: http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:tls http://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging
regards Klaus
On 04.01.2013 18:30, Iurii Andamasov wrote:
other side is softswitch, not an softphone, other side also use selfsigned certificate should i set require_certificate = no ? On 04.01.2013, at 14:49, Daniel-Constantin Mierla <miconda@gmail.com mailto:miconda@gmail.com> wrote:
Hello,
is the sip phone presenting a certificate? You require that in the server part of tls.cfg.
Cheers, Daniel
On 1/4/13 10:44 AM, Iurii Andamasov wrote:
Hello, trying setup kamailio with TLS, have 2 peers, tls.cfg: http://pastebin.com/DvdDzx0v i'm getting Jan 4 10:38:43 fs-tls /usr/sbin/kamailio[3798]: ERROR: tls [tls_server.c:1190]: TLS read:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Can someone point me to solution? Thanks
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users