On Sun, 8 Nov 2020, 23:38 Robert Dyck, <[email protected]> wrote: > Version Core 4.4.0-13-gc99cb9c88 Appimage > > The server/proxy is opensips. The certificate that is installed in > opensips > works for other user agents. Linphone rejects the certificate. The > certificate > was generated by Lets Encrypt. > > 2020-11-08 15:23:44:071 [AppRun.wrapped/belle-sip] MESSAGE Channel > [0x4c70290]: SSL handshake in progress... > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] MESSAGE Found > certificate > depth=[0], flags=[not-trusted ]: > cert. version : 3 > serial number : 03:3D:58:6A:10:1B:E4:D8:68:7C:2F:14:41:57:D4:C9:D0:8B > issuer name : C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 > subject name : CN=bogus.com > issued on : 2020-09-25 15:29:57 > expires on : 2020-12-24 15:29:57 > signed using : RSA with SHA-256 > RSA key size : 2048 bits > basic constraints : CA=false > subject alt name : bogus.com > key usage : Digital Signature, Key Encipherment > ext key usage : TLS Web Server Authentication, TLS Web Client > Authentication > > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] ERROR Channel > [0x4c70290]: > SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, > CA or > signature check failed >
That sounds symptomatic of Linphone either using its own CA bundle, which may be out of date and doesn't include the Let's Encrypt Root CA certs, or the app is not able to query the system CA root bundle to validate your end entity cert. >
_______________________________________________ Linphone-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/linphone-users
