Hello Richard, Thank you for your reply. I resolved the permissions issue by giving chmod 644 certificates* command. Currently, what I am doing is, I am keeping the certificates in /tmp folder and giving 644 permission to the files and working fine. Here, /tmp directory permission is 1777 (drwxrwxrwt).
Now, I have created a new folder i.e. "certs" in /usr/local/etc/kamailio folder and given same permissions like chmod 1777 /usr/local/etc/kamailio/certs chmod 644 /usr/local/etc/kamailio/certs/certificates* and It is not working. Any help would be appreciated and thank you in advance. Best regards, Chandramouli. On Wed, Oct 22, 2025 at 11:57 PM Richard Robson <[email protected]> wrote: > the error states that it cannot read the Cert files due to permission > issues. that is what is stopping it loading and the certificates are only > for tls. which is why it would load with only udo and tcp. > > I would change the permissions on the cert directory for a start and see > if that fixes it. make them permissable and step by step remove the > psemissions, even put the files somewhere where the world can read them and > test again. once the files are able to be read the instance should start. > > > R > On 22/10/2025 19:07, Chandramouli P wrote: > > Hello Richard, > > Thank you for your reply. Yes. You are correct. But, eventhough, I am > logged in as root, Kamailio is starting and functioning well with TCP and > UDP. Please advise me the next steps to troubleshoot. Thank you. > > Best Regards, > Chandramouli. > > On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users < > [email protected]> wrote: > >> It looks like tou have 700 for root user on th cert directory and are >> running kamailio as kamailio not route, which is correct, So can the >> kamailio user read the cert directory? >> >> R >> On 22/10/2025 16:48, Chandramouli P via sr-users wrote: >> >> Hello Ben, >> >> Thank you for your reply. When I was installing Kamailio, I followed this: >> >> groupadd -g 5000 kamailio >> >> useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio >> >> >> I am simply starting Kamailio like: systemctl start kamailio.service >> >> >> Please find the below output for the command that you shared with me: >> >> >> # kamailio -u kamailio -g kamailio -m 64 -M 16 >> >> Listening on >> >> udp: 10.122.0.4:5060 >> >> tcp: 10.122.0.4:5060 >> >> tls: 10.122.0.4:5061 >> >> Aliases: >> >> tls: rtpengine:5061 >> >> tcp: rtpengine:5060 >> >> udp: rtpengine:5060 >> >> *: 10.122.0.4:* >> >> >> Thank you. >> >> >> Best Regards, >> >> Chandramouli. >> >> On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users < >> [email protected]> wrote: >> >>> Are you using the user or group flags when starting Kamailio? >>> >>> kamailio *-u kamailio -g kamailio* -m 64 -M 16 >>> >>> >>> >>> *Kaufman* >>> >>> *Senior Voice Engineer * >>> >>> >>> E: [email protected] >>> 24/7 support: 888.543.2000 >>> >>> >>> >>> >>> >>> [image: img] >>> >>> SIP.US <https://sip.us> Client Support: >>> 800.566.9810 >>> >>> SIPTRUNK <https://siptrunk.com> Client Support: >>> 800.250.6510 >>> >>> Flowroute <https://flowroute.com> Client Support: >>> 855.356.9768 >>> >>> ------------------------------ >>> *From:* Chandramouli P via sr-users <[email protected]> >>> *Sent:* Wednesday, October 22, 2025 9:49 AM >>> *To:* Kamailio (SER) - Users Mailing List <[email protected]> >>> *Cc:* Chandramouli P <[email protected]> >>> *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS >>> configuration >>> >>> >>> *CAUTION:* This email originated from outside the organization. *Do not >>> click links or open attachments* unless you recognize the sender and >>> know the content is safe. >>> >>> Hello Richard, >>> >>> Thank you for your reply. If you noticed the steps that I used to >>> generate certificates, I had already given 700 permission to the "certs" >>> directory. >>> >>> >>> 1. mkdir -p /usr/local/etc/kamailio/certs >>> 2. cd /usr/local/etc/kamailio/certs >>> 3. chmod 700 /usr/local/etc/kamailio/certs >>> >>> >>> [root@rtpengine kamailio]# pwd >>> >>> /usr/local/etc/kamailio >>> >>> [root@rtpengine kamailio]# >>> >>> [root@rtpengine kamailio]# ls -ll >>> >>> drwx------ 2 root root 150 Oct 22 17:48 certs >>> >>> >>> [root@rtpengine kamailio]# ls -ll certs/ >>> >>> -rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem >>> >>> -rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl >>> >>> -rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem >>> >>> -rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem >>> >>> -rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem >>> >>> -rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem >>> >>> -rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem >>> >>> >>> Please advise me, is there any other part that I missed? Thank you >>> in advance. >>> >>> Best Regards, >>> Chandramouli. >>> >>> On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < >>> [email protected]> wrote: >>> >>> from the error it looks like a permissions problem probably the 700 on >>> the directory >>> >>> Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls >>> [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate >>> file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' >>> Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls >>> [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system >>> library:fopen:Permission denied (sni: unknown) >>> >>> >>> regards, >>> >>> Richard >>> >>> >>> On 22/10/2025 14:14, Chandramouli P via sr-users wrote: >>> >>> Hello, >>> >>> Please find my server environment below: >>> >>> Operating System: RockyLinux 8.x and RHEL 8.x >>> Kamailio version: 6.0.2 >>> IP address: 10.122.0.4 >>> >>> I have generated SSL certificates using OpenSSL. After configuring >>> Kamailio, I am unable to start Kamailio. Please find the steps that I used >>> to generate certificates along with configuration at the below link: >>> >>> *https://pastebin.com/Veu8z9Pr >>> <https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>* >>> >>> Any help would be appreciated and thanks in advance. >>> >>> Best Regards, >>> Chandramouli. >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>> [email protected] >>> To unsubscribe send an email to [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>> [email protected] >>> To unsubscribe send an email to [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>> [email protected] >>> To unsubscribe send an email to [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions -- >> [email protected] >> To unsubscribe send an email to [email protected] >> Important: keep the mailing list in the recipients, do not reply only to the >> sender! >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions -- >> [email protected] >> To unsubscribe send an email to [email protected] >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
