More info in the docs: https://kamailio.org/docs/modules/stable/modules/tls.html
On Thu, Nov 21, 2024 at 9:42 AM Joel Serrano <[email protected]> wrote:

> Make sure you are using a config FILE for the TLS-config, and not setting
> the params directly in the KAMAILIO-CONFIG-FILE.
>
> Specifically this:
>
> $ cat tls.cfg
> #
> # Kamailio TLS Configuration File
> #
>
> # This is the default server domain, settings
> # in this domain will be used for all incoming
> # connections that do not match any other server
> # domain in this configuration file.
> #
>
> [server:default]
> method = TLSv1+
> private_key = ...
> certificate = ...
> ca_list = ...
> ...
> ...
>
> And then in kamailio.cfg:
>
> modparam("tls", "config", "/etc/kamailio/tls.cfg")
>
> Then you should be able to do `tls.reload` ...
>
> Do not set the certificate config inside the kamailio.cfg config, that's
> the bottom line.
>
> Joel.
>
> On Wed, Nov 20, 2024 at 11:47 AM Sergiu Pojoga via sr-users <
> [email protected]> wrote:
>
>> Looks like a cert file permissions issue.
>>
>> On Wed, Nov 20, 2024 at 1:35 PM Yuriy Nasida via sr-users <
>> [email protected]> wrote:
>>
>>> Hello,
>>>
>>> I am using letsencrypt cert and key and do not want to restart kamailio
>>> every 3 months to load new ones.
>>> I know that there is: kamcmd tls.reload method but it has an error for
>>> me.
>>> error: 500 - Error while fixing TLS configuration (consult server log)
>>>
>>> I am checking the logs and see:
>>>
>>> kamailio[3865480]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing(): TLSs<default>: tls_method=3
>>> kamailio[3865480]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/kamailio/certs/my_cert.crt'
>>> kamailio[3865480]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)'
>>> kamailio[3865480]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing(): TLSs<default>: ca_path='(null)'
>>> kamailio[3865480]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)'
>>> kamailio[3865480]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing(): TLSs<default>: require_certificate=0
>>> kamailio[3865480]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='(null)'
>>> kamailio[3865480]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing(): TLSs<default>: private_key='/etc/kamailio/certs/private.key'
>>> kamailio[3865480]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing(): TLSs<default>: verify_certificate=0
>>> kamailio[3865480]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9
>>> kamailio[3865480]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0
>>> kamailio[3865480]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='<default>' ...
>>> kamailio[3865480]: ERROR: tls [tls_domain.c:590]: load_cert(): TLSs<default>: Unable to load certificate file '/etc/kamailio/certs/my_cert.crt'
>>> kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:03000072:digital envelope routines::decode error (sni: unknown)
>>> kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown)
>>>
>>> Any advice?
>>>
>>> It's interesting that there are not any errors in case I restart
>>> kamailio. I can make TLS calls without problems.
>>>
>>> deb 12.5
>>> version: kamailio 5.7.4 (x86_64/linux)
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the sender!
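
A pre-flight check for the reload discussed in this thread, as an added example that is not part of any poster's message: it reads the file paths out of tls.cfg, confirms each one is readable and looks like PEM, and only then calls `kamcmd tls.reload`. The function names are hypothetical, and it assumes the check is run as the user the Kamailio service runs as.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes tls.cfg uses plain `name = value` lines as in the snippet quoted above.

# Print "<param> <path>" for each certificate, private_key and ca_list entry.
tls_cfg_files() {
    awk -F= '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key != "certificate" && key != "private_key" && key != "ca_list") next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # trim blanks and optional quotes
            if (val != "") print key, val
        }' "$1"
}

# Return 0 only if every referenced file is readable by the current user
# and contains the PEM block its parameter implies.
tls_precheck() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    while read -r key path; do
        [ -n "$key" ] || continue
        case $key in
            private_key) marker='PRIVATE KEY-----' ;;
            *)           marker='-----BEGIN CERTIFICATE-----' ;;
        esac
        if [ ! -r "$path" ]; then
            echo "$key: $path is not readable by $(id -un)" >&2; rc=1
        elif ! grep -qF -e "$marker" "$path"; then
            echo "$key: $path has no '$marker' PEM block" >&2; rc=1
        fi
    done <<EOF
$(tls_cfg_files "$cfg")
EOF
    return "$rc"
}

# Ask the running server to reload only when the pre-flight check passes.
tls_safe_reload() {
    tls_precheck "$1" && kamcmd tls.reload
}

# Usage (as the Kamailio service user): tls_safe_reload /etc/kamailio/tls.cfg
```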
