So what is the error in the logs now?
I'm going to assume the certificates are the same in all cases.
If its still a permisions issue it could be a directory lower down in
the tree with more restrictive permission.
it is hard to say without any logs.
R
On 03/11/2025 12:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. I resolved the permissions issue by giving
chmod 644 certificates* command. Currently, what I am doing is, I am
keeping the certificates in /tmp folder and giving 644 permission to
the files and working fine. Here, /tmp directory permission is 1777
(drwxrwxrwt).
Now, I have created a new folder i.e. "certs" in
/usr/local/etc/kamailio folder and given same permissions like
chmod 1777 /usr/local/etc/kamailio/certs
chmod 644 /usr/local/etc/kamailio/certs/certificates*
and It is not working. Any help would be appreciated and thank you in
advance.
Best regards,
Chandramouli.
On Wed, Oct 22, 2025 at 11:57 PM Richard Robson
<[email protected]> wrote:
the error states that it cannot read the Cert files due to
permission issues. that is what is stopping it loading and the
certificates are only for tls. which is why it would load with
only udo and tcp.
I would change the permissions on the cert directory for a start
and see if that fixes it. make them permissable and step by step
remove the psemissions, even put the files somewhere where the
world can read them and test again. once the files are able to be
read the instance should start.
R
On 22/10/2025 19:07, Chandramouli P wrote:
Hello Richard,
Thank you for your reply. Yes. You are correct. But, eventhough,
I am logged in as root, Kamailio is starting and functioning well
with TCP and UDP. Please advise me the next steps to
troubleshoot. Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users
<[email protected]> wrote:
It looks like tou have 700 for root user on th cert directory
and are running kamailio as kamailio not route, which is
correct, So can the kamailio user read the cert directory?
R
On 22/10/2025 16:48, Chandramouli P via sr-users wrote:
Hello Ben,
Thank you for your reply. When I was installing Kamailio, I
followed this:
groupadd -g 5000 kamailio
useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s
/bin/false kamailio
I am simply starting Kamailio like: systemctl start
kamailio.service
Please find the below output for the command that you shared
with me:
# kamailio -u kamailio -g kamailio -m 64 -M 16
Listening on
udp: 10.122.0.4:5060 <http://10.122.0.4:5060>
tcp: 10.122.0.4:5060 <http://10.122.0.4:5060>
tls: 10.122.0.4:5061 <http://10.122.0.4:5061>
Aliases:
tls: rtpengine:5061
tcp: rtpengine:5060
udp: rtpengine:5060
*: 10.122.0.4:*
Thank you.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users
<[email protected]> wrote:
Are you using the user or group flags when starting
Kamailio?
kamailio *-u kamailio -g kamailio* -m 64 -M 16
*Kaufman***
/Senior Voice Engineer
/
E: [email protected]
24/7 support: 888.543.2000
img
SIP.US <https://sip.us> Client Support:
800.566.9810
SIPTRUNK <https://siptrunk.com> Client Support:
800.250.6510
Flowroute <https://flowroute.com> Client Support:
855.356.9768
**
------------------------------------------------------------------------
*From:* Chandramouli P via sr-users
<[email protected]>
*Sent:* Wednesday, October 22, 2025 9:49 AM
*To:* Kamailio (SER) - Users Mailing List
<[email protected]>
*Cc:* Chandramouli P <[email protected]>
*Subject:* [SR-Users] Re: Unable to start Kamailio with
TLS configuration
*CAUTION:* This email originated from outside the
organization. _Do not click links or open attachments_
unless you recognize the sender and know the content is
safe.
Hello Richard,
Thank you for your reply. If you noticed the steps that
I used to generate certificates, I had already given 700
permission to the "certs" directory.
1.
mkdir -p /usr/local/etc/kamailio/certs
2.
cd /usr/local/etc/kamailio/certs
3.
chmod 700 /usr/local/etc/kamailio/certs
[root@rtpengine kamailio]# pwd
/usr/local/etc/kamailio
[root@rtpengine kamailio]#
[root@rtpengine kamailio]# ls -ll
drwx------ 2 root root 150 Oct 22 17:48 certs
[root@rtpengine kamailio]# ls -ll certs/
-rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem
-rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl
-rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem
-rw-r--r-- 1 root root0 Oct 22 17:48 crl.pem
-rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem
-rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem
-rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem
Please advise me, is there any other part that I missed?
Thank you in advance.
Best Regards,
Chandramouli.
On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via
sr-users <[email protected]> wrote:
from the error it looks like a permissions problem
probably the 700 on the directory
Oct 22 18:23:54 rtpengine
/usr/local/sbin/kamailio[34391]: ERROR: tls
[tls_domain.c:609]: load_cert(): TLSs<default>:
Unable to load certificate file
'/usr/local/etc/kamailio/certs/kamailio-cert.pem'
Oct 22 18:23:54 rtpengine
/usr/local/sbin/kamailio[34391]: ERROR: tls
[tls_util.h:50]: tls_err_ret():
load_cert:error:0200100D:system
library:fopen:Permission denied (sni: unknown)
regards,
Richard
On 22/10/2025 14:14, Chandramouli P via sr-users wrote:
Hello,
Please find my server environment below:
Operating System: RockyLinux 8.x and RHEL 8.x
Kamailio version: 6.0.2
IP address: 10.122.0.4
I have generated SSL certificates using OpenSSL.
After configuring Kamailio, I am unable to start
Kamailio. Please find the steps that I used to
generate certificates along with configuration at
the below link:
*https://pastebin.com/Veu8z9Pr
<https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>*
Any help would be appreciated and thanks in advance.
Best Regards,
Chandramouli.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
[email protected]
To unsubscribe send an email [email protected]
Important: keep the mailing list in the recipients, do not
reply only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial
Discussions -- [email protected]
To unsubscribe send an email to
[email protected]
Important: keep the mailing list in the recipients,
do not reply only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial
Discussions -- [email protected]
To unsubscribe send an email to
[email protected]
Important: keep the mailing list in the recipients, do
not reply only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
[email protected]
To unsubscribe send an email [email protected]
Important: keep the mailing list in the recipients, do not reply only
to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
[email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not
reply only to the sender!
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions --
[email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
