Hi, I have OpenSIPS 1.6.4-tls with tls configuration in my opensips.cfg, it is working correctly with my Cisco SIP phones.
/* uncomment the following lines to enable TLS support (default off) */ disable_tls = no listen = tls:192.168.1.1:1234 tls_verify_server = 1 tls_verify_client = 0 tls_require_client_certificate = 0 tls_method = SSLv23 # tls_method = TLSv1 tls_certificate = "/usr/local/opensips/etc/tls/user/user-cert.pem" tls_private_key = "/usr/local/opensips/etc/tls/user/user-privkey.pem" tls_ca_list = "/usr/local/opensips/etc/tls/user/user-calist.pem" I want to use Bria softphones but i can't register them. Then I had generated new self-signed certificates and loaded in my PC, but i don't know if it is fine configured. I have done this: First i have configured /usr/local/opensips/etc/tls/ca.conf and /usr/local/opensips/etc/tls/user.conf In ca.conf i have rewrited: [ root_ca_distinguished_name ] commonName = 192.168.1.1:1234 # please update stateOrProvinceName = Your_STATE # please update countryName = CO # please update emailAddress = YOUR_EMAIL # please update organizationName = YOUR_ORG_NAME # please update And in user.conf i have rewrited: [ req ] prompt = no distinguished_name = server_distinguished_name [ server_distinguished_name ] commonName = 192.168.1.1:1234 # please update stateOrProvinceName = Some State # please update countryName = XY # please update emailAddress = [email protected] # please update organizationName = My Large Organization Name # please update organizationalUnitName = My Subunit of Large Organization # please update Then I have run: # /usr/local/opensips/sbin/opensipsctl tls rootCA # /usr/local/opensips/sbin/opensipsctl tls userCERT user I introduced the same password, this generated the folders: /usr/local/opensips/etc/tls/rootCA/ and /usr/local/opensips/etc/tls/user/ I copied the file: /usr/local/opensips/etc/tls/rootCA/cacert.pem to my Windows PC and i have loaded it in trusted root certification authorities, is named 192.168.1.1:1234 Before, the error was: ERROR:core:tls_print_errstack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer): ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success): Now, with this certificate: ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success): ERROR:core:tls_print_errstack: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer): But I have not achieved anything, What's happening? What are i doing bad? Thanks. Regards.
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
