Hi Henning, Thank you for your reply. yes there is ca_list parameter .. but no idea from where i can get that list. can you please guide me on how to get ca_list, how would I generate ca_list.
thanks On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <[email protected]> wrote: > Hello, > > > > try to add the „ca_list” parameter to your ca file, it seems an error > related to that. > > > > Cheers, > > > > Henning > > > > -- > > Henning Westerholt – https://skalatan.de/blog/ > > Kamailio services – https://gilawa.com > > > > *From:* sr-users <[email protected]> *On Behalf Of *M > Arqum CH > *Sent:* Thursday, August 18, 2022 10:49 PM > *To:* Kamailio (SER) - Users Mailing List <[email protected]> > *Subject:* [SR-Users] TLS issue > > > > Dear All, > > Thank you in advance . > > > > Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon > linux server. > > > > Getting this error. > > > > Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: > ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error > Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: > ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL > routines:ssl3_read_bytes:tlsv1 alert unknown ca > Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: > ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: > 143.198.11.1:62033 ///client ip > Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: > ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061 > ///ec2 local ip > Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: > ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: > error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1) > > > > TLS Config > > [server:default] > method = TLSv1+ > verify_certificate = no > require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem > private_key=/usr/local/ssl/certs/fullkey.pem > server_name = abc.domain > > > > > > Also tried this conf > > [server:default] > method = TLSv1+ ///tries all version options > > > verify_certificate = no > require_certificate = no > certificate=/usr/local/ssl/certs/ abc.domain.crt > private_key=/usr/local/ssl/certs/ abc.domain.key > server_name = abc.domain.link > > > > openssl version > OpenSSL 1.0.2k-fips 26 Jan 2017 > > > > > > > > please guide. > > > > > > -- > > Regards > > Arqum > -- Regards M Arqum
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
