Hello Richard, I put the SSL certificates in /etc folder and changed the permissions of files (chmod 644) and it worked fine. Thank you.
Best Regards, Chandramouli. On Mon, Nov 3, 2025 at 10:19 PM Richard Robson <[email protected]> wrote: > So what is the error in the logs now? > I'm going to assume the certificates are the same in all cases. > If its still a permisions issue it could be a directory lower down in the > tree with more restrictive permission. > it is hard to say without any logs. > > > R > On 03/11/2025 12:07, Chandramouli P wrote: > > Hello Richard, > > Thank you for your reply. I resolved the permissions issue by giving chmod > 644 certificates* command. Currently, what I am doing is, I am keeping the > certificates in /tmp folder and giving 644 permission to the files and > working fine. Here, /tmp directory permission is 1777 (drwxrwxrwt). > > Now, I have created a new folder i.e. "certs" in /usr/local/etc/kamailio > folder and given same permissions like > chmod 1777 /usr/local/etc/kamailio/certs > chmod 644 /usr/local/etc/kamailio/certs/certificates* > > and It is not working. Any help would be appreciated and thank you in > advance. > > Best regards, > Chandramouli. > > On Wed, Oct 22, 2025 at 11:57 PM Richard Robson <[email protected]> > wrote: > >> the error states that it cannot read the Cert files due to permission >> issues. that is what is stopping it loading and the certificates are only >> for tls. which is why it would load with only udo and tcp. >> >> I would change the permissions on the cert directory for a start and see >> if that fixes it. make them permissable and step by step remove the >> psemissions, even put the files somewhere where the world can read them and >> test again. once the files are able to be read the instance should start. >> >> >> R >> On 22/10/2025 19:07, Chandramouli P wrote: >> >> Hello Richard, >> >> Thank you for your reply. Yes. You are correct. But, eventhough, I am >> logged in as root, Kamailio is starting and functioning well with TCP and >> UDP. Please advise me the next steps to troubleshoot. Thank you. >> >> Best Regards, >> Chandramouli. >> >> On Wed, Oct 22, 2025 at 10:46 PM Richard Robson via sr-users < >> [email protected]> wrote: >> >>> It looks like tou have 700 for root user on th cert directory and are >>> running kamailio as kamailio not route, which is correct, So can the >>> kamailio user read the cert directory? >>> >>> R >>> On 22/10/2025 16:48, Chandramouli P via sr-users wrote: >>> >>> Hello Ben, >>> >>> Thank you for your reply. When I was installing Kamailio, I followed >>> this: >>> >>> groupadd -g 5000 kamailio >>> >>> useradd -u 5000 -g 5000 -d /var/run/kamailio -M -s /bin/false kamailio >>> >>> >>> I am simply starting Kamailio like: systemctl start kamailio.service >>> >>> >>> Please find the below output for the command that you shared with me: >>> >>> >>> # kamailio -u kamailio -g kamailio -m 64 -M 16 >>> >>> Listening on >>> >>> udp: 10.122.0.4:5060 >>> >>> tcp: 10.122.0.4:5060 >>> >>> tls: 10.122.0.4:5061 >>> >>> Aliases: >>> >>> tls: rtpengine:5061 >>> >>> tcp: rtpengine:5060 >>> >>> udp: rtpengine:5060 >>> >>> *: 10.122.0.4:* >>> >>> >>> Thank you. >>> >>> >>> Best Regards, >>> >>> Chandramouli. >>> >>> On Wed, Oct 22, 2025 at 8:46 PM Ben Kaufman via sr-users < >>> [email protected]> wrote: >>> >>>> Are you using the user or group flags when starting Kamailio? >>>> >>>> kamailio *-u kamailio -g kamailio* -m 64 -M 16 >>>> >>>> >>>> >>>> *Kaufman* >>>> >>>> *Senior Voice Engineer * >>>> >>>> >>>> E: [email protected] >>>> 24/7 support: 888.543.2000 >>>> >>>> >>>> >>>> >>>> >>>> [image: img] >>>> >>>> SIP.US <https://sip.us> Client Support: >>>> 800.566.9810 >>>> >>>> SIPTRUNK <https://siptrunk.com> Client Support: >>>> 800.250.6510 >>>> >>>> Flowroute <https://flowroute.com> Client Support: >>>> 855.356.9768 >>>> >>>> ------------------------------ >>>> *From:* Chandramouli P via sr-users <[email protected]> >>>> *Sent:* Wednesday, October 22, 2025 9:49 AM >>>> *To:* Kamailio (SER) - Users Mailing List <[email protected]> >>>> *Cc:* Chandramouli P <[email protected]> >>>> *Subject:* [SR-Users] Re: Unable to start Kamailio with TLS >>>> configuration >>>> >>>> >>>> *CAUTION:* This email originated from outside the organization. *Do >>>> not click links or open attachments* unless you recognize the sender >>>> and know the content is safe. >>>> >>>> Hello Richard, >>>> >>>> Thank you for your reply. If you noticed the steps that I used to >>>> generate certificates, I had already given 700 permission to the "certs" >>>> directory. >>>> >>>> >>>> 1. mkdir -p /usr/local/etc/kamailio/certs >>>> 2. cd /usr/local/etc/kamailio/certs >>>> 3. chmod 700 /usr/local/etc/kamailio/certs >>>> >>>> >>>> [root@rtpengine kamailio]# pwd >>>> >>>> /usr/local/etc/kamailio >>>> >>>> [root@rtpengine kamailio]# >>>> >>>> [root@rtpengine kamailio]# ls -ll >>>> >>>> drwx------ 2 root root 150 Oct 22 17:48 certs >>>> >>>> >>>> [root@rtpengine kamailio]# ls -ll certs/ >>>> >>>> -rw-r--r-- 1 root root 1992 Oct 22 17:48 ca-cert.pem >>>> >>>> -rw-r--r-- 1 root root 41 Oct 22 17:48 ca-cert.srl >>>> >>>> -rw------- 1 root root 3243 Oct 22 17:48 ca-key.pem >>>> >>>> -rw-r--r-- 1 root root 0 Oct 22 17:48 crl.pem >>>> >>>> -rw-r--r-- 1 root root 1870 Oct 22 17:48 kamailio-cert.pem >>>> >>>> -rw------- 1 root root 3243 Oct 22 17:48 kamailio-key.pem >>>> >>>> -rw-r--r-- 1 root root 1675 Oct 22 17:48 kamailio-req.pem >>>> >>>> >>>> Please advise me, is there any other part that I missed? Thank you >>>> in advance. >>>> >>>> Best Regards, >>>> Chandramouli. >>>> >>>> On Wed, Oct 22, 2025 at 8:02 PM Richard Robson via sr-users < >>>> [email protected]> wrote: >>>> >>>> from the error it looks like a permissions problem probably the 700 on >>>> the directory >>>> >>>> Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls >>>> [tls_domain.c:609]: load_cert(): TLSs<default>: Unable to load certificate >>>> file '/usr/local/etc/kamailio/certs/kamailio-cert.pem' >>>> Oct 22 18:23:54 rtpengine /usr/local/sbin/kamailio[34391]: ERROR: tls >>>> [tls_util.h:50]: tls_err_ret(): load_cert:error:0200100D:system >>>> library:fopen:Permission denied (sni: unknown) >>>> >>>> >>>> regards, >>>> >>>> Richard >>>> >>>> >>>> On 22/10/2025 14:14, Chandramouli P via sr-users wrote: >>>> >>>> Hello, >>>> >>>> Please find my server environment below: >>>> >>>> Operating System: RockyLinux 8.x and RHEL 8.x >>>> Kamailio version: 6.0.2 >>>> IP address: 10.122.0.4 >>>> >>>> I have generated SSL certificates using OpenSSL. After configuring >>>> Kamailio, I am unable to start Kamailio. Please find the steps that I used >>>> to generate certificates along with configuration at the below link: >>>> >>>> *https://pastebin.com/Veu8z9Pr >>>> <https://urldefense.com/v3/__https://pastebin.com/Veu8z9Pr__;!!KWzduNI!ctTqkVdiFjvQqkvH9YSFdPOAaiLXbUHuOPjARk5Hm2IeQHl47TmNh41PBoqPqAEfXIBiLdFcA4d-b1lc_sZvGl8$>* >>>> >>>> Any help would be appreciated and thanks in advance. >>>> >>>> Best Regards, >>>> Chandramouli. >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>>> [email protected] >>>> To unsubscribe send an email to [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only to >>>> the sender! >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>>> [email protected] >>>> To unsubscribe send an email to [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>>> [email protected] >>>> To unsubscribe send an email to [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>> [email protected] >>> To unsubscribe send an email to [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions -- >>> [email protected] >>> To unsubscribe send an email to [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> >>
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
