22 Feb
2008
22 Feb
'08
8:48 a.m.
Hi All
I want to encrypt the communication between the softphone and OpenSER.
I have compiled 1.3 with TLS support and I am using the default certs
that come with the source code and are located in
/usr/local/etc/openser/tls/user
My TLS config looks as follows
disable_tls = no
listen = tls:xx.xx.xx.xx:443
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
I am getting the following error on my softphone
ERROR:core:tls_accept: some error in SSL:
ERROR:core:tls_print_errstack: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Any Suggestions ?
Thx
22 Feb
22 Feb
9:54 a.m.
Ali Jawad wrote:
ERROR:core:tls_print_errstack: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
The server presents a certificate and the client will verify the
certificate. Verification is done by the client by inspecting if the CA
which signed the servers certificate is one of the local trusted (well
known) CAs. (certificate authority)
Thus, you have to import the CA certificate into your SIP client.
regards
klaus
(read some SSL tutorials to understand how it works)
10:12 a.m.
Dear Klaus
Thank you for your prompt reply, I cant find a place to import certs in
X-lite..I will need to investigate this more. Is there any possible way
to encrypt communication between the server and the client without any
action on the client side.
-----Original Message-----
From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
Sent: Friday, February 22, 2008 4:55 PM
To: Ali Jawad
Cc: users(a)lists.openser.org
Subject: Re: [OpenSER-Users] Probs With TLS Certificate
Ali Jawad wrote:
ERROR:core:tls_print_errstack: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
The server presents a certificate and the client will verify the
certificate. Verification is done by the client by inspecting if the CA
which signed the servers certificate is one of the local trusted (well
known) CAs. (certificate authority)
Thus, you have to import the CA certificate into your SIP client.
regards
klaus
(read some SSL tutorials to understand how it works)
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
1:50 p.m.
Ali Jawad wrote:
Dear Klaus
Thank you for your prompt reply, I cant find a place to import certs in
X-lite..I will need to investigate this more. Is there any possible way
XLite uses the Certificate store of Windows. (e.g. System Settings ->
Internet -> ...-> Certificates )
to encrypt communication between the server and the
client without any
action on the client side.
If you want to avoid that the clients have to import your CA
certificate, you can by a certificate by one of the "trusted" CAs which
are already installed in the CA store (e.g. Verisign, Thawte, .....)
regards
klaus
6164
days inactive
6164
days old
3 comments
2 participants
participants (2)
-
Ali Jawad -
Klaus Darilion