13 Apr
2018
13 Apr
'18
9:05 a.m.
Hello All,
I want to enable certificate validation on the server. I am only using self-signed certs.
I have the same cert/key in the client and server and want to only allow connection from
clients with this cert/key.
I have turned on the following in tls.cfg and done all the steps required in kamailio.cfg
file.
But it's failed to verify certs and allowing the clients which doesn't have same
certs.
Please help to configure the cert/key in right way.
[server:default]
method = TLSv1
verify_certificate = yes
require_certificate = yes
private_key = /usr/local/etc/kamailio/selfsigned.key
certificate = /usr/local/etc/kamailio/selfsigned.pem
ca_list = /usr/local/etc/sip-router/cacert.pem
[client:default]
verify_certificate = yes
require_certificate = yes
In advance Thank you.
Thanks,
Kiran
24 Apr
24 Apr
2:09 p.m.
Hello,
set debug=3 in kamailio.cfg and look at syslog debug messages, you
should get more hints about what kamailio is doing. Likely something is
not configured properly or the certificates of the clients are singed by
a trusted CA by your system (e.g., verisign, letsencrypt, ...).
Also, you should not have same private key/public certificate in both
client and server. You can become your own certificate authority and
sign the certificates you put in the clients -- search the web about
being your own CA.
Cheers,
Daniel
On 13.04.18 15:05, Kiran Gaddam wrote:
Hello All,
I want to enable certificate validation on the server. I am only using
self-signed certs.
I have the same cert/key in the client and server and want to only
allow connection from clients with this cert/key.
I have turned on the following in tls.cfg and done all the steps
required in kamailio.cfg file.
But it’s failed to verify certs and allowing the clients which doesn’t
have same certs.
Please help to configure the cert/key in right way.
[server:default]
method = TLSv1
verify_certificate = yes
require_certificate = yes
private_key = /usr/local/etc/kamailio/selfsigned.key
certificate = /usr/local/etc/kamailio/selfsigned.pem
ca_list = /usr/local/etc/sip-router/cacert.pem
[client:default]
verify_certificate = yes
require_certificate = yes
In advance Thank you.
Thanks,
Kiran
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
11:41 p.m.
Hello Daniel,
Thanks for the reply.
Regards,
Kiran
From: Daniel-Constantin Mierla <miconda(a)gmail.com>
Sent: 24 April 2018 23:39
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>; Kiran Gaddam
<Kiran.Gaddam(a)MoviusCorp.com>
Cc: Jignesh Gandhi <Jignesh.Gandhi(a)MoviusCorp.com>om>; Pallav Kumar
<Pallav.Kumar(a)MoviusCorp.com>
Subject: Re: [SR-Users] Sha2 self-signed certs config in Kamilio
Hello,
set debug=3 in kamailio.cfg and look at syslog debug messages, you should get more hints
about what kamailio is doing. Likely something is not configured properly or the
certificates of the clients are singed by a trusted CA by your system (e.g., verisign,
letsencrypt, ...).
Also, you should not have same private key/public certificate in both client and server.
You can become your own certificate authority and sign the certificates you put in the
clients -- search the web about being your own CA.
Cheers,
Daniel
On 13.04.18 15:05, Kiran Gaddam wrote:
Hello All,
I want to enable certificate validation on the server. I am only using self-signed certs.
I have the same cert/key in the client and server and want to only allow connection from
clients with this cert/key.
I have turned on the following in tls.cfg and done all the steps required in kamailio.cfg
file.
But it's failed to verify certs and allowing the clients which doesn't have same
certs.
Please help to configure the cert/key in right way.
[server:default]
method = TLSv1
verify_certificate = yes
require_certificate = yes
private_key = /usr/local/etc/kamailio/selfsigned.key
certificate = /usr/local/etc/kamailio/selfsigned.pem
ca_list = /usr/local/etc/sip-router/cacert.pem
[client:default]
verify_certificate = yes
require_certificate = yes
In advance Thank you.
Thanks,
Kiran
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
www.twitter.com/miconda<http://www.twitter.com/miconda> --
www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>
Kamailio World Conference - May 14-16, 2018 -
www.kamailioworld.com<http://www.kamailioworld.com>
2450
days inactive
2462
days old
2 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Kiran Gaddam