yanlin a écrit :
Hi, all, i have been trying to test TLS support on OpenSER with EyeBeam client, but in no vain. OpenSER keep complaining that "client did not present a certificate". really need help! thanks in advance. here is some info of my environment:
- OpenSER 1.2 and EyeBeam 1.5
- run "openserctl tls rootCA", create "cacert.pem" under
/etc/openser/tls/rootCA/. 3) run "openserctl tls userCERT", create "user-calist.pem user-cert.pem user-cert_req.pem user-privkey.pem" under /etc/openser/tls/user/. 4) i have set openser.cfg as follow: disable_tls = 0 listen = tls:172.22.14.61:5061 tls_verify_client = 0 tls_require_client_certificate = 0 tls_method = TLSv1 tls_certificate = /etc/openser/tls/user/user-cert.pem" tls_private_key = "/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "/etc/openser/tls/user/user-calist.pem" 5) copy "/etc/openser/tls/rootCA/cacert.pem" created at step 2) to EyeBeam clinet machine, which was a Windows XP machine, run "certmrg.msc" there, import this certificate to WindowXP "root certificate store". when run ... error occur. OpenSER complaint that "client did not present a certificate", and EyeBeam receive a "503 certificate name mismath". Any advise will be very appreciate !! yan lin yanlin@fortinet.com mailto:yanlin@fortinet.com 2007-3-26
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Your error mean your don't use good certificat for client. In openser tarball, try to use tls/tools/gen_XXX.sh script, with good config file (Read README). That worked for me.
good Luck