Hello Henning, and David, all
I tried to change to letsencrypt and configure as bellow
[server:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/mydomain.com/privkey.pem certificate = /etc/letsencrypt/live/mydomain.com/fullchain.pem
[client:default] verify_certificate = yes require_certificate = yes
I have same issue, could not log with webrtc client. the log is like
Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 27.65.214.194 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/tcp_main.c:1174]: tcpconn_new(): on port 54961, type 3, socket 40 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/tcp_main.c:1493]: tcpconn_add(): hashes: 2860:2307:2170, 10 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x559d7996eaa0, 40, 2, 0x7f660ad93258), fd_no=32 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x559d7996eaa0, 40, -1, 0x0) fd_no=33 called Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/tcp_main.c:4456]: handle_tcpconn_ev(): sending to child, events 1 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/tcp_main.c:4126]: send2child(): selected tcp worker idx:0 proc:10 pid:23172 for activity on [tls:172.31.44.170:4443], 0x7f660ad93258 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_read.c:1749]: handle_io(): received n=8 con=0x7f660ad93258, fd=9 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7f660ac140a8 ctx 0x7f660ac662e8 sn []) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f660ac662e8: (nil) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:948]: tls_server_name_cb(): received server_name (TLS extension): 'mydomain.com' Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:967]: tls_server_name_cb(): TLS cfg domain selected for received server name [mydomain.com]: socket [:0] server name='' - switching SSL CTX to 0x7f660ac662e8 dom 0x7f660ac140a8 (default) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_main.c:2705]: tcpconn_do_send(): sending... Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_main.c:2738]: tcpconn_do_send(): after real write: c= 0x7f660ad93258 n=4593 fd=9 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_main.c:2739]: tcpconn_do_send(): buf=#012#026#003#003 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x559d799da740, 9, 2, 0x7f660ad93258), fd_no=1 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f660ac662e8: (nil) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from 27.65.214.194:54961 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: 172.31.44.170:4443 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: tls [tls_server.c:1199]: tls_h_read_f(): Reading on a renegotiation of connection (n:-1) (2) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_read.c:1515]: tcp_read_req(): EOF Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x559d799da740, 9, -1, 0x10) fd_no=2 called Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_read.c:1884]: handle_io(): removing from list 0x7f660ad93258 id 10 fd 9, state 2, flags 4018, main fd 40, refcnt 2 ([27.65.214.194]:54961 -> [27.65.214.194]:4443) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_read.c:1668]: release_tcpconn(): releasing con 0x7f660ad93258, state -1, fd=9, id=10 ([27.65.214.194]:54961 -> [27.65.214.194]:4443) Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23172]: DEBUG: <core> [core/tcp_read.c:1672]: release_tcpconn(): extra_data 0x7f660adb5a58 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: <core> [core/tcp_main.c:3558]: handle_tcp_child(): reader response= 7f660ad93258, -1 from 0 Jul 15 14:49:00 ip-172-31-44-170 sbin/kamailio[23182]: DEBUG: tls [tls_server.c:683]: tls_h_tcpconn_close_f(): Closing SSL connection 0x7f660adb5a58
I did not see any error now, but could not register my webrtc client.
Please help me on that
thank you
On Jul 15, 2021, at 16:33, David Villasmil david.villasmil.work@gmail.com wrote:
Back when I did my first TLS, I did it with
https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/ https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/ It worked for me on the first try.
Maybe give it a try.
David
On Thu, 15 Jul 2021 at 11:02, ThanhTruong <thanhtruong217@gmail.com mailto:thanhtruong217@gmail.com> wrote: Hi Henning and all,
I can restart kamailio without error so i think kamailio can access the certs file, am i right?
Next, i can check the tls configuration via some command and result like:
openssl s_client -connect mydomain.com:4443 http://mydomain.com:4443/
result is:
CONNECTED(00000003) depth=1 C = US, ST = US, L = HCM, O = mydomain.com http://mydomain.com/, OU = mydomain.com http://mydomain.com/, CN = mydomain.com http://mydomain.com/, emailAddress = thanhtruong217@gmail.com mailto:thanhtruong217@gmail.com verify error:num=19:self signed certificate in certificate chain verify return:0
Certificate chain 0 s:/C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com i:/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com 1 s:/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com i:/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com
Server certificate -----BEGIN CERTIFICATE----- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx IKqnZKfVhfs= -----END CERTIFICATE----- subject=/C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:subject=/C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com issuer=/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:issuer=/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com
No client certificate CA names sent
SSL handshake has read 2890 bytes and written 391 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 047913A6C905B007C53EB31C51CBED00FDF8BBBBC8ACDA79238314C3AF899776 Session-ID-ctx: Master-Key: 98D20DD5C85389F6BA32F0CADC76789D03BA3534D45F446418120E8358ACE5142FC21C02E0E3E22090A9E5920F8AB835 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - fa 90 a9 99 5e 02 04 26-ae bf ce f4 05 06 87 e0 ....^..&........ 0010 - d5 a7 f2 74 ac 4a 7d 0b-ae ba 53 a4 89 14 95 52 ...t.J}...S....R 0020 - 68 53 ea 9b e2 1d 23 ae-77 86 6b 74 21 5e 1e 88 hS....#.w.kt!^.. 0030 - 50 75 3f e4 2a 7a 95 63-5a 87 58 b8 ac c1 ae 85 Pu?.*z.cZ.X..... 0040 - d9 73 3d 4d 5f 27 df 37-37 98 02 15 0c 3c 62 96 .s=M_'.77....<b. 0050 - 50 22 cd 2c e9 b0 aa ba-3e e0 9e a5 65 17 35 3f P".,....>...e.5? 0060 - d5 2d 37 4a 99 1a 19 42-aa 63 6a 74 8b fe 70 72 .-7J...B.cjt..pr 0070 - b6 cc 3d e1 b1 f8 da ee-9c 31 db 25 eb 2a 22 f5 ..=......1.%.*". 0080 - 38 87 13 aa 13 c1 4c c4-f9 1a 83 1c 38 a8 a9 15 8.....L.....8... 0090 - c4 70 cd 3f e5 0a 5e 5e-13 a3 13 a7 6d 29 0e 70 .p.?..^^....m).p 00a0 - fc 09 ee df e0 89 f6 48-29 04 1e 69 65 92 f0 e7 .......H)..ie...
Start Time: 1626338959 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain)
or normal tls port 5061:
openssl s_client -connect mydomain.com:5061 http://mydomain.com:5061/ -tls1 CONNECTED(00000003) depth=1 C = US, ST = US, L = HCM, O = mydomain.com http://mydomain.com/, OU = mydomain.com http://mydomain.com/, CN = mydomain.com http://mydomain.com/, emailAddress = thanhtruong217@gmail.com mailto:thanhtruong217@gmail.com verify error:num=19:self signed certificate in certificate chain verify return:0
Certificate chain 0 s:/C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com i:/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com 1 s:/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com i:/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com
Server certificate -----BEGIN CERTIFICATE----- MIIEVDCCAzygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCVVMx xxxxxxxxxx... IKqnZKfVhfs= -----END CERTIFICATE----- subject=/C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:subject=/C=US/ST=US/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com issuer=/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com mailto:issuer=/C=US/ST=US/L=HCM/O=mydomain.com/OU=mydomain.com/CN=mydomain.com/emailAddress=thanhtruong217@gmail.com
No client certificate CA names sent
SSL handshake has read 2896 bytes and written 307 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : ECDHE-RSA-AES256-SHA Session-ID: EF724C7926D18D0B727709E4D42650D2141EA44771E3FF8B566161F51095B0C7 Session-ID-ctx: Master-Key: 61C323CD42A4447B4E662958EA4E5F9DE039A4F257342BBAED236E3B811D6052192FEC36CC245D810A847B9E5FFF54C6 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 45 b4 44 76 46 b2 f5 a5-39 a4 ec 4e 53 22 5c 20 E.DvF...9..NS"\ 0010 - d5 a7 f2 74 ac 4a 7d 0b-ae ba 53 a4 89 14 95 52 ...t.J}...S....R 0020 - fe 69 4e 7a 3e 23 ff 41-62 54 f1 71 f5 a3 a4 3f .iNz>#.AbT.q...? 0030 - 99 81 5c d9 71 b6 82 be-7e 17 19 a7 d3 55 6a c9 ...q...~....Uj. 0040 - 9f 9c da ef ef 35 54 30-6e 60 6f f1 e2 13 6c 95 .....5T0n`o...l. 0050 - 7e 2a 48 7b 07 51 57 2d-7d 69 7a 8a 46 34 9d 32 ~*H{.QW-}iz.F4.2 0060 - b4 7f 4b a4 61 c6 3a 13-3d 86 af cf 22 be 50 63 ..K.a.:.=...".Pc 0070 - 93 41 3e 18 d3 37 38 bc-cb b2 83 ea 63 8a 1c c0 .A>..78.....c... 0080 - 5a a4 ed 35 18 85 17 9d-24 7c 87 25 ff 98 11 eb Z..5....$|.%.... 0090 - f6 1d 89 41 9b ba a1 18-03 0a 90 90 bd 76 c8 80 ...A.........v.. 00a0 - 44 1f 3a 8c 99 ac 2f ef-a5 e2 22 a6 58 9a e8 2a D.:.../...".X..*
Start Time: 1626339048 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain)So, I am not sure what is my issue/wrong here. or can you help me to check more?
Thanks, ThanhTruon
On Jul 15, 2021, at 15:33, Henning Westerholt <hw@skalatan.de mailto:hw@skalatan.de> wrote:
Hello,
please format your e-mail only with black – its really hard to read (it might be related to my client, though).
Have you already checked the file system access rights to the certs if kamailio can actually read them?
Cheers,
Henning
-- Henning Westerholt – https://skalatan.de/blog/ https://skalatan.de/blog/ Kamailio services – https://gilawa.com https://gilawa.com/
From: sr-users <sr-users-bounces@lists.kamailio.org mailto:sr-users-bounces@lists.kamailio.org> On Behalf Of ThanhTruong Sent: Thursday, July 15, 2021 5:09 AM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org> Subject: Re: [SR-Users] please help to configure tls in kamailio for webrtc client like simpl5
Hello Fred and all,
I tried some changes, and result bellow.
with :
[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = /etc/certs/mydomain.com/key.pem http://mydomain.com/key.pem certificate = /etc/certs/mydomain.com/cert.pem http://mydomain.com/cert.pem ca_list = /etc/certs/demoCA/cert.pem
[client:default] verify_certificate = yes require_certificate = yes ~
error log:
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
With settings:
[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = /etc/certs/mydomain.com/key.pem http://mydomain.com/key.pem certificate = /etc/certs/mydomain.com/cert.pem http://mydomain.com/cert.pem ca_list = /etc/certs/demoCA/cert.pem
[client:default] verify_certificate = no require_certificate = no ~
and error log:
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170 Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fd64ee4bfc0 r: 0x7fd64ee4c0e8 (-1)
and tried:
[server:default] method = SSLv23 verify_certificate = yes require_certificate = yes private_key = /etc/certs/mydomain.com/key.pem http://mydomain.com/key.pem certificate = /etc/certs/mydomain.com/cert.pem http://mydomain.com/cert.pem ca_list = /etc/certs/demoCA/cert.pem
[client:default] verify_certificate = no require_certificate = no
and error log:
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170 Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f222a018fc0 r: 0x7f222a0190e8 (-1)
Then, i try with TLSv1+
[server:default] method = TLSv1+ verify_certificate = yes require_certificate = yes private_key = /etc/certs/mydomain.com/key.pem http://mydomain.com/key.pem certificate = /etc/certs/mydomain.com/cert.pem http://mydomain.com/cert.pem ca_list = /etc/certs/demoCA/cert.pem
[client:default] verify_certificate = no require_certificate = no
and log is:
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170 Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f9fd21cefc0 r: 0x7f9fd21cf0e8 (-1)
I am sorry to border you and all, but i dont know how to get it works, please suggest.
thank you so much.
On Jul 15, 2021, at 01:10, Fred Posner <fred@palner.com mailto:fred@palner.com> wrote:
On 7/14/21 2:04 PM, ThanhTruong wrote:
verify_certificate =yes require_certificate =yes
Change both of those to no in your case.
-- Fred Posner -- www.palner.com http://www.palner.com/ Matrix: @fred:matrix.lod.com http://matrix.lod.com/
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
- https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com mailto:david.villasmil.work@gmail.com phone: +34669448337 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: