Hi, You are getting the message "self signed certificate in certificate chain" because you haven't included your server's root certificate in the command, with either -CApath or -CAfile option, for example add the following to the command: -CApath /etc/ssl/certs
Then the response you receive should look like the following: Start Time: 1438129754 Timeout : 300 (sec) Verify return code: 0 (ok) On 28 July 2015 at 20:12, Rodrigo Pimenta Carvalho <[email protected]> wrote: > Hi. > > I have followed the tutorial about setting up the TLS. ( > http://www.opensips.org/Documentation/Tutorials-TLS-2-1 ). Then, I have > run the command: " > > openssl s_client -showcerts -debug -connect <your-ip-address>:<port> -no_ssl2 > -bugs", to test the handshake. > > But, what is an example of result for this command, telling me that > everything is ok? > > I got: > > CONNECTED(00000003) > ... > ... > ... > verify error:num=19:self signed certificate in certificate chain > verify return:0 > .. > .. > .. > --- > No client certificate CA names sent > --- > SSL handshake has read 1567 bytes and written 285 bytes > --- > New, TLSv1/SSLv3, Cipher is AES256-SHA > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : AES256-SHA > Session-ID: > Session-ID-ctx: > Master-Key: > 90D6174E13EFDF2317B8F24D0AEBC5A56C3633D7DFC1BF8ADF186672CD9F26B5D812BE595775DFE6416C31DDE736D217 > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1438110339 > Timeout : 300 (sec) > Verify return code: 19 (self signed certificate in certificate chain) > > So, did the handshake work? If not, what might be wrong? > Any hint will be very helpful! > > Best Regards. > > > RODRIGO PIMENTA CARVALHO > Inatel Competence Center > Software > Ph: +55 35 3471 9200 RAMAL 979 > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
