Hello, set debug=3 in kamailio.cfg and look at syslog debug messages, you should get more hints about what kamailio is doing. Likely something is not configured properly or the certificates of the clients are singed by a trusted CA by your system (e.g., verisign, letsencrypt, ...).
Also, you should not have same private key/public certificate in both client and server. You can become your own certificate authority and sign the certificates you put in the clients -- search the web about being your own CA. Cheers, Daniel On 13.04.18 15:05, Kiran Gaddam wrote: > Hello All, > > > > I want to enable certificate validation on the server. I am only using > self-signed certs. > > > > I have the same cert/key in the client and server and want to only > allow connection from clients with this cert/key. > > > > I have turned on the following in tls.cfg and done all the steps > required in kamailio.cfg file. > > > > But it’s failed to verify certs and allowing the clients which doesn’t > have same certs. > > > > Please help to configure the cert/key in right way. > > > > [server:default] > > > > method = TLSv1 > > > > verify_certificate = yes > > > > require_certificate = yes > > > > private_key = /usr/local/etc/kamailio/selfsigned.key > > > > certificate = /usr/local/etc/kamailio/selfsigned.pem > > > > ca_list = /usr/local/etc/sip-router/cacert.pem > > > > [client:default] > > verify_certificate = yes > > require_certificate = yes > > > > In advance Thank you. > > > > > > Thanks, > > Kiran > > > > > > > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
