RE: Use cert chain in SSL settings

2018-12-04 Thread Szalai Kálmán
Hi,

Thank you, Vangelis, for your answer. I tried the extra parameters that you 
advised, but I see the same problem. Yes, the cert is a wildcard SSL cert. Is it 
not supported by Kannel?

Best regards,
KAMI



Re: Use cert chain in SSL settings

2018-12-04 Thread Vangelis Typaldos
It seems you are using an SNI certificate (that is, sharing multiple SSL hosts 
on a single IP address).
You should correct the openssl s_client command to

openssl s_client -showcerts -servername www.example.com -connect www.example.com:443

I'm not sure that Kannel supports SNI certificates, though.

Best Regards,




Use cert chain in SSL settings

2018-12-04 Thread Szalai Kálmán
Dear All,

How can I set up SSL in sendsms and admin and provide a CA cert chain?

I used settings from documentation:

To use the SSL-enabled HTTP server please use the following configuration 
directive within the core and smsbox groups
group = core
...
ssl-server-cert-file = "filename"
ssl-server-key-file = "filename"

group = smsbox
...
sendsms-port-ssl = true

I tried to add my cert chain to the ssl-server-cert-file file, but it is still 
providing only one cert, not the chain. I found the ssl-trusted-ca-file option, 
but it is not for server certs, is it?

openssl s_client command output:

CONNECTED(0003)
depth=0 CN = *. example.hu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.example.hu
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=*.example.hu
   i:/C=US/O=Cert Inc/OU=www.cert.com/CN=Cert RSA CA 2018

(Domain name and cert-related names were renamed.)

So is there any way to provide the full cert chain via Kannel configuration?


Thank you in advance!

Best regards,
KAMI
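
Added example, not part of the original thread and not Kannel code: a shell function that reads `openssl s_client` output like the one posted above and reports whether the server sent only the leaf certificate or also the certificates above it. The second sample and the root CA name in it are constructed for illustration; HOST and PORT in the comment are placeholders.

```shell
# Summarise the "Certificate chain" section printed by `openssl s_client`
# (added example). Live use, with HOST and PORT as placeholders:
#   openssl s_client -showcerts -connect HOST:PORT </dev/null 2>/dev/null | chain_report
chain_report() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        # A bare "---" closes the section; PEM "-----BEGIN" lines do not match.
        in_chain && $0 == "---"    { in_chain = 0; next }
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
        in_chain && n && /^ *i:/   { sub(/^ *i:/, ""); iss[n - 1] = $0; next }
        END {
            if (n == 0) { print "no chain section found"; exit 2 }
            # Each certificate sent must be issued by the next one sent.
            for (k = 0; k < n - 1; k++)
                if (iss[k] != subj[k + 1]) { print "broken link after depth " k; exit 1 }
            if (iss[n - 1] == subj[n - 1]) { print "complete: " n " cert(s), self-signed at top"; exit 0 }
            if (n == 1) { print "leaf only, issuer not sent: " iss[0]; exit 1 }
            print "chain of " n ", client must trust: " iss[n - 1]
        }'
}

# Constructed sample 1: the chain section as posted in this thread.
sample_leaf_only() {
    cat <<'EOF'
CONNECTED(0003)
---
Certificate chain
 0 s:/CN=*.example.hu
   i:/C=US/O=Cert Inc/OU=www.cert.com/CN=Cert RSA CA 2018
---
EOF
}

# Constructed sample 2: -showcerts style output once the intermediate is sent
# (PEM bodies elided; the root CA name is made up for this example).
sample_with_intermediate() {
    cat <<'EOF'
Certificate chain
 0 s:/CN=*.example.hu
   i:/C=US/O=Cert Inc/OU=www.cert.com/CN=Cert RSA CA 2018
-----BEGIN CERTIFICATE-----
(elided)
-----END CERTIFICATE-----
 1 s:/C=US/O=Cert Inc/OU=www.cert.com/CN=Cert RSA CA 2018
   i:/C=US/O=Cert Inc/CN=Constructed Root CA
---
EOF
}
sample_leaf_only | chain_report || true; sample_with_intermediate | chain_report
```

The function exits non-zero for a leaf-only or out-of-order chain, so it can be used as a check after changing the server's certificate file.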