Hey guys,
I am struggling to make OpenSIPS 3 work with TLS. I tried various different
ways to make this work but getting the same errors. SSL certs are generated via
let's encrypt. Here is my config for tls_mgm module -
#### TLS Management Module
loadmodule "tls_mgm.so"
# Server defination
modparam("tls_mgm", "server_domain", "voip.securevoip.io")
modparam("tls_mgm", "match_ip_address",
"[voip.securevoip.io]155.138.204.212:5061")
modparam("tls_mgm", "match_sip_domain", "[voip.securevoip.io]*")
modparam("tls_mgm", "ca_dir",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/")
modparam("tls_mgm","verify_cert", "[voip.securevoip.io]1")
modparam("tls_mgm","require_cert", "[voip.securevoip.io]1")
modparam("tls_mgm","tls_method", "[voip.securevoip.io]TLSv1_2")
modparam("tls_mgm","certificate",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/cert.pem")
modparam("tls_mgm","private_key",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/privkey.pem")
modparam("tls_mgm","ca_list",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/fullchain.pem")
modparam("tls_mgm", "tls_handshake_timeout", 300)
# Client domain defination
modparam("tls_mgm", "client_domain", "securevoip.io")
modparam("tls_mgm", "match_ip_address", "[securevoip.io]*")
modparam("tls_mgm", "match_sip_domain", "[securevoip.io]*")
modparam("tls_mgm", "ca_dir", "[securevoip.io]/usr/local/etc/opensips/tls/")
modparam("tls_mgm","verify_cert", "[securevoip.io]1")
modparam("tls_mgm","require_cert", "[securevoip.io]1")
modparam("tls_mgm","tls_method", "[securevoip.io]TLSv1_2")
modparam("tls_mgm","certificate",
"[securevoip.io]/usr/local/etc/opensips/tls/cert.pem")
modparam("tls_mgm","private_key",
"[securevoip.io]/usr/local/etc/opensips/tls/privkey.pem")
I am getting these erros -
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: depth = 1, verify failure
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: subject =
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft
IT/CN=Microsoft IT TLS CA 4
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: issuer =
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: verify error: unable to get local issuer
certificate [error=20]
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
ERROR:proto_tls:tls_connect: New TLS connection to 52.114.132.46:5061 failed
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
ERROR:proto_tls:tls_connect: TLS error: 1 (ret=-1) err=Success(0)
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verif
I would really appreciate if someone can help me out here.
Thank you_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
