Hi Igor,

Because these errors are about verification of the Microsoft certificate.
/etc/kamailio/tls/issuer.cer should contain a certificate authorities list, which contains trusted root certificates.
For example, for CentOS7 /etc/ssl/certs/ca-bundle.crt
-----
Alexey Vasilyev
[email protected]

> On 29 Mar 2020, at 11:36, Igor Olhovskiy <[email protected]> wrote:
>
> Hi!
>
> Actually I’m trying to get Kamailio to work as an MS Teams SBC, following the perfect article
> https://skalatan.de/en/blog/kamailio-sbc-teams
> It works well, but one thing is bothering me.
> I’m using Let’s Encrypt certs (actually, works well), but with these settings in tls.conf
>
> verify_certificate = yes
> require_certificate = yes
>
> it’s giving errors like
>
> /usr/sbin/kamailio[4551]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
> /usr/sbin/kamailio[4551]: ERROR: <core> [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f03e6d23d88 r: 0x7f03e6d23e08 (-1)
>
> They are resolved by setting these settings (verify/require) to off
> (actually, as mentioned here - https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/), but I’m
> really curious - why?
>
> As I got, it’s using openssl verify in the background, but this check passed locally with
>
> openssl verify -CAfile issuer.crt myserver.crt
> myserver.crt: OK
>
> So, are there any tricks to Let’s Encrypt or just some misconfig in tls.cfg?
>
> Now it looks like the one from the article
>
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/kamailio/tls/myserver.key
> certificate = /etc/kamailio/tls/myserver.crt
> ca_list = /etc/kamailio/tls/issuer.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/kamailio/tls/myserver.key
> certificate = /etc/kamailio/tls/myserver.crt
> ca_list = /etc/kamailio/tls/issuer.crt
> --
> Regards, Igor
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> [email protected]
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
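The difference between the local `openssl verify` check in the question and the peer verification the reply describes, as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the CA names, file names and helper functions are hypothetical and all certificates are generated locally as constructed test data.

```shell
#!/bin/sh
# Added example with constructed data: every CA, key and certificate below is
# throwaway test material generated locally; nothing here comes from the thread.

mkca() {    # mkca <name>: self-signed root CA in <name>.key / <name>.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

mkleaf() {  # mkleaf <name> <ca>: certificate <name>.crt signed by <ca>
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 2 -out "$1.crt" 2>/dev/null
}

verifies() {  # verifies <ca_file> <cert>: exit 0 if <cert> chains to a CA in <ca_file>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {  # report <label> <ca_file> <cert>: print the outcome of one check
    if verifies "$2" "$3"; then echo "$1: OK"; else echo "$1: verify failed"; fi
}

DEMO_DIR=$(mktemp -d)
(
    cd "$DEMO_DIR" || exit 1
    mkca own-issuer             # stands in for the CA that issued myserver.crt
    mkca peer-root              # stands in for the root the remote peer chains to
    mkleaf myserver own-issuer  # our own certificate
    mkleaf peer peer-root       # the certificate the remote side presents
    cat own-issuer.crt peer-root.crt > bundle.crt   # stands in for a system CA bundle
)

# 1. The local check from the question: own cert against its own issuer.
report "myserver.crt against own issuer" "$DEMO_DIR/own-issuer.crt" "$DEMO_DIR/myserver.crt"
# 2. Peer verification when ca_list holds only our own issuer.
report "peer.crt against own issuer only" "$DEMO_DIR/own-issuer.crt" "$DEMO_DIR/peer.crt"
# 3. The same peer cert once ca_list contains the peer's root.
report "peer.crt against CA bundle" "$DEMO_DIR/bundle.crt" "$DEMO_DIR/peer.crt"
```

Check 1 passing says nothing about check 2: the CA file has to contain the roots that the remote side's certificate chains to.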
