the error states that it cannot read the Cert files due to permission
issues. that is what is stopping it loading and the certificates are
only for tls. which is why it would load with only udo and tcp.
I would change the permissions on the cert directory for a start and see
if that fixes it. make them permissable and step by step remove the
psemissions, even put the files somewhere where the world can read them
and test again. once the files are able to be read the instance should
start.
R
On 22/10/2025 19:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. Yes. You are correct. But, eventhough, I am
logged in as root, Kamailio is starting and functioning well with TCP
and UDP. Please advise me the next steps to troubleshoot. Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users
<[email protected]> wrote:
It looks like tou have 700 for root user on th cert directory and
are running kamailio as kamailio not route, which is correct, So
can the kamailio user read the cert directory?
R
On 22/10/2025 16:48, Chandramouli P via sr-users wrote:
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I
followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false
kamailio
I am simply starting Kamailio like: systemctl start kamailio.service
Please find the below output for the command that you shared with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060 <http://10.122.0.4:5060>
tcp: 10.122.0.4:5060 <http://10.122.0.4:5060>
tls: 10.122.0.4:5061 <http://10.122.0.4:5061>
Aliases:
tls: rtpengine:5061
tcp: rtpengine:5060
udp: rtpengine:5060
*: 10.122.0.4:*
Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users
<[email protected]> wrote:
Are you using the user or group flags when starting Kamailio?
kamailio *-u kamailio -g kamailio* -m 64 -M 16
*Kaufman***
/Senior Voice Engineer
/
E: [email protected]
24/7 support: 888.543.2000
img
SIP.US <https://sip.us> Client Support:
800.566.9810
SIPTRUNK <https://siptrunk.com> Client Support:
800.250.6510
Flowroute <https://flowroute.com> Client Support:
855.356.9768
**
------------------------------------------------------------------------
*From:* Chandramouli P via sr-users <[email protected]>
*Sent:* Wednesday, October 22, 2025 9:49 AM
*To:* Kamailio (SER) - Users Mailing List
<[email protected]>
*Cc:* Chandramouli P <[email protected]>
*Subject:* [SR-Users] Re: Unable to start Kamailio with TLS
configuration
*CAUTION:* This email originated from outside the
organization. _Do not click links or open attachments_ unless
you recognize the sender and know the content is safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that I
used to generate certificates, I had already given 700
permission to the "certs" directory.
1.
mkdir -p /usr/local/etc/kamailio/certs
2.
cd /usr/local/etc/kamailio/certs
3.
chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed?
Thank you in advance.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users
<[email protected]> wrote:
from the error it looks like a permissions problem
probably the 700 on the directory
Oct 22 18:23:54 rtpengine
/usr/local/sbin/kamailio[34391]: ERROR: tls
[tls_domain.c:609]: load_cert(): TLSs<default>: Unable to
load certificate file
'/usr/local/etc/kamailio/certs/kamailio-cert.pem'
Oct 22 18:23:54 rtpengine
/usr/local/sbin/kamailio[34391]: ERROR: tls
[tls_util.h:50]: tls_err_ret():
load_cert:error:0200100D:system library:fopen:Permission
denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x
Kamailio version: 6.0.2
IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL. After
configuring Kamailio, I am unable to start Kamailio.
Please find the steps that I used to generate
certificates along with configuration at the below link:
*https://pastebin.com/Veu8z9Pr
<https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>*
Any help would be appreciated and thanks in advance.
Best Regards,
Chandramouli.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
[email protected]
To unsubscribe send an email [email protected]
Important: keep the mailing list in the recipients, do not reply
only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial
Discussions -- [email protected]
To unsubscribe send an email to
[email protected]
Important: keep the mailing list in the recipients, do
not reply only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
[email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not
reply only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
[email protected]
To unsubscribe send an email [email protected]
Important: keep the mailing list in the recipients, do not reply only to
the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
[email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply
only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
[email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
