Date: Thu, 9 Sep 2010 11:13:19 +0200 From: klaus.mailinglists@pernau.at To: betergreen@live.com CC: sr-users@lists.sip-router.org Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
Am 09.09.2010 10:17, schrieb peter_green lion:
hi all, i have configure tls support as this link: http://www.kamailio.org/docs/tls-devel.html#id2451496 and i add certificate to 3CX sip phone is "cacert.pem" but when i register sip phone, the log file in kamailio server is :
Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls [tls_server.c:392]: SSL error:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
I think the means that the SIP phone sends the ALERT because the it does not accept the certificate of the server. So you have to debug why the SIP phone does not accept the certificate.
You really should test with another SIP client first.
regards Klaus
my configure in kamailio.cfg as :
modparam("tls", "tls_method", "TLSv1") modparam("tls", "tls_method", "SSLv23") modparam("tls", "certificate", "/usr/local/etc/kamailio//tls/user/user-cert.pem") modparam("tls", "private_key", "/usr/local/etc/kamailio//tls/user/user-privkey.pem") modparam("tls", "ca_list", "/usr/local/etc/kamailio//tls/user/user-calist.pem") modparam("tls", "verify_certificate",0 ) modparam("tls", "require_certificate",0 )
please suggest to fix this error. thanks and regards. Peter Green.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
hi Klaus, i add certificate to internet explorer, but it fail: when i view this certificate i see that error:
"this certificate has expired or is not yet valid"
is mean this certificate is wrong ?
so how do i make it correct ?
thanks and regards, Peter Green.