Hi Liviu.

I have just investigated a bit more about the issue. The problem is related to the creation of the files (following the tutorial on page http://www.opensips.org/Documentation/Tutorials-TLS-2-1). There is no problem to read the files (read CAKey or cert files). I have concluded it because I replaced the OpenSIPS certificate files by others that I had generated in 2014 using another tutorial.

Ok. I will open a GitHub ticket now.

We are working in a project that will have to use OpenSIPS 2.2. Do you know, on average, how long does it take to have a new ticket solved and closed?

Thank you very much for pointing the way of opening a GitHub ticket!

RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 ext. 979

________________________________
From: [email protected] <[email protected]> on behalf of Liviu Chircu <[email protected]>
Sent: Tuesday, July 28, 2015 10:30
To: [email protected]
Subject: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

It's just a web portal, you can find it here [1]. Register a new account, open a new issue, describe/explain it as best as you can, and we'll do our best to have it fixed and buried! Many thanks!

[1]: https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug

Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 15:56, Rodrigo Pimenta Carvalho wrote:

Hi Liviu.

Your hint has worked. So, could you send me the instructions on how to open a GitHub ticket? I still don't know how to open this, because I'm new on Git.

While you send me the instructions, I will try to use old certificate files that I have since 2014, just to see if the issue is about reading or creating the files via OpenSIPS.

Many thanks.

RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 ext. 979

________________________________
From: [email protected] <[email protected]> on behalf of Liviu Chircu <[email protected]>
Sent: Tuesday, July 28, 2015 02:54
To: [email protected]
Subject: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the passphrase), and use the resulting key in OpenSIPS? You can use the following example:

    cp your_key your_key.bak
    openssl rsa -in your_key -out new_key

If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:

Hi.

1 - I have read and followed all the instructions on page http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is about how to set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But, there is no tutorial for it in version 2.2.

2 - I have read all the instructions from page http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This is the OpenSIPS TLS Module Guide.

3 - Considering all instructions I have learnt today, I wrote the following configuration:

----------------------------------------------------------------------------------------------------
loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem") # This line was generated automatically, after using the make menuconfig. It works very well.
#modparam("proto_tls","private_key", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem") # This line was generated automatically, after using the make menuconfig. It works very well.
#modparam("proto_tls","ca_list", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem") # This line was generated automatically, after using the make menuconfig. It works very well.

modparam("proto_tls", "certificate", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
modparam("proto_tls", "private_key", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem") # File also generated by me, following the tutorial. ERROR here. What is the problem??
modparam("proto_tls", "ca_list", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
modparam("proto_tls", "ca_dir", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
----------------------------------------------------------------------------------------------------

4. All paths I'm using in such configuration are real and correct.

5. When I try to run the OpenSIPS, I always got the error:

    Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling compression due ZLIB problems
    ...
    ...
    Enter passphrase for /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
    Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to load private key file '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.

So, the file cakey.pem can't be loaded. But, I'm running the OpenSIPS as a superuser.

What should I check in my files to verify whether I have made some mistake?

To follow the tutorial for version 2.1 and to use the version 2.2 can cause troubles?

In the tutorial I see "TLSv1" and in the module guide I see "tlsv1". Is the script case sensitive?

The issued file is:

    -rw------- 1 root root 1834 Jul 24 14:54 /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem

Can it be owned by root user, or must be another one?

I have just googled this case and I found same problem for people who were using wrong key file, which I think is not my case.

Any hint will be very helpful!

Thanks a lot!

RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 ext. 979

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
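Added example (not part of the thread and not OpenSIPS code): a shell pre-flight check that reports whether a PEM private key is passphrase-protected, the condition Liviu's `openssl rsa` step removes, and whether an unencrypted key is readable by group or others. The function names and the sample files are constructed for illustration.

```shell
# Added example: pre-flight check of a PEM private key before a daemon loads it.
# Classify a key file by its PEM header lines.
# Prints: encrypted-pkcs8 | encrypted-legacy | plain | not-a-key | unreadable
pem_key_status() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    if grep -q -- '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo "encrypted-pkcs8"      # PKCS#8 encrypted container
    elif grep -q -- '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo "encrypted-legacy" # traditional PEM encryption header
        else
            echo "plain"
        fi
    else
        echo "not-a-key"
    fi
}

# Succeeds only if no group/other permission bit is set (e.g. 600 or 400).
key_perms_private() {
    for bit in 040 020 010 004 002 001; do
        [ -z "$(find "$1" -prune -perm -"$bit")" ] || return 1
    done
}

# One verdict per key: ok | needs-passphrase | plain-but-exposed | <status>
preflight_key() {
    st=$(pem_key_status "$1")
    case $st in
        plain) if key_perms_private "$1"; then echo "ok"
               else echo "plain-but-exposed"; fi ;;
        encrypted-*) echo "needs-passphrase" ;;
        *) echo "$st" ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed samples: real header lines, placeholder body (not a real key).
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' 'QUJD' \
        '-----END RSA PRIVATE KEY-----' > "$d/legacy.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'QUJD' \
        '-----END PRIVATE KEY-----' > "$d/plain.pem"
    chmod 600 "$d/legacy.pem"; chmod 644 "$d/plain.pem"
    for k in legacy plain; do echo "$k.pem: $(preflight_key "$d/$k.pem")"; done
    rm -rf "$d"
}
demo
```

A `needs-passphrase` verdict matches the situation in the thread, where the log shows a passphrase prompt followed by the load error. A decrypted copy of the key should report `ok`, which requires that it is not readable by group or others.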
