Hi. I have configured Kamailio with Websockets. I want to add TLS. I generated certifikates with openssl and configured tls.cfg. But when i try to run kamailio, it gives me error, failed to start. This my syslog http://paste2.org/KdYsGE9f . Can anybody help me please? Thanks.
-- View this message in context: http://sip-router.1086192.n5.nabble.com/Kamailio-TLS-tp126046.html Sent from the Users mailing list archive at Nabble.com.
Adrian writes:
Hi. I have configured Kamailio with Websockets. I want to add TLS. I generated certifikates with openssl and configured tls.cfg. But when i try to run kamailio, it gives me error, failed to start. This my syslog http://paste2.org/KdYsGE9f . Can anybody help me please?
before sending this message, did you read yourself what the syslog error messages tell?
-- juha
Yes, but i dont understand. It's something with tls module?
-- View this message in context: http://sip-router.1086192.n5.nabble.com/Kamailio-TLS-tp126046p126049.html Sent from the Users mailing list archive at Nabble.com.
Ok. But, in this directory /etc/certs/demoCA/ps.sip.uniza.sk/cert.pem have certificate and everyone can read him. I used this tutorial http://nil.uniza.sk/network-security/tls/configuring-tls-support-kamailio-31-howto Whats wrong.
Thanks for helping me.
-- View this message in context: http://sip-router.1086192.n5.nabble.com/Kamailio-TLS-tp126046p126051.html Sent from the Users mailing list archive at Nabble.com.
The logs show access issue to the certificate file:
Mar 13 11:35:27 server /usr/sbin/kamailio[3827]: ERROR: tls [tls_domain.c:417]: load_cert(): TLSs<default>: Unable to load certificate file '/etc/certs/demoCA/ps.sip.uniza.sk/cert.pem' Mar 13 11:35:27 server /usr/sbin/kamailio[3827]: ERROR: tls [tls_domain.c:418]: load_cert(): load_cert:error:0200100D:system library:fopen:Permission denied
Note that kamailio might run as unprivileged user 'kamailio' if you run it from init.d script installed via packages.
Thus be sure everyone can access the full path of the files.
Cheers, Daniel
On 20/03/14 11:22, Adrian wrote:
Ok. But, in this directory /etc/certs/demoCA/ps.sip.uniza.sk/cert.pem have certificate and everyone can read him. I used this tutorial http://nil.uniza.sk/network-security/tls/configuring-tls-support-kamailio-31-howto Whats wrong.
Thanks for helping me.
-- View this message in context: http://sip-router.1086192.n5.nabble.com/Kamailio-TLS-tp126046p126051.html Sent from the Users mailing list archive at Nabble.com.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Thanks a lot.
-- View this message in context: http://sip-router.1086192.n5.nabble.com/Kamailio-TLS-tp126046p126053.html Sent from the Users mailing list archive at Nabble.com.
-
Adrian -
Daniel-Constantin Mierla -
Juha Heinanen