Hi Mark,
Can you post the actual errors that you get in the OpenSIPS logs, if
that is the case?
Regards,
--
Vlad Patrascu
OpenSIPS Developer
http://www.opensips-solutions.com
On 16.11.2020 11:04, Mark Farmer wrote:
Good morning all
Can anyone clarify whether the TLS domain in SAN is supported or not
please?
Many thanks
Mark.
On Fri, 13 Nov 2020 at 15:59, Kevin Vines <kevin.vi...@gmail.com
<mailto:kevin.vi...@gmail.com>> wrote:
You got me there... the doc states
OpenSIPS offers SIP service for multiple
219 domains, e.g.atlanta.com <http://atlanta.com> andbiloxi.com
<http://biloxi.com>. Altough both domains
220 will be hosted on a single SIP proxy, the SIP proxy needs 2
221 certificates: One foratlanta.com <http://atlanta.com> and one
forbiloxi.com <http://biloxi.com>. For
222 incoming TLS connections
If you need one cert per domain, maybe it implies that you need to
have the domain as the CN instead of a SAN?
Kevin
*From:* farm...@gmail.com <mailto:farm...@gmail.com>
*Sent:* November 13, 2020 10:43 a.m.
*To:* users@lists.opensips.org <mailto:users@lists.opensips.org>
*Reply to:* users@lists.opensips.org <mailto:users@lists.opensips.org>
*Subject:* Re: [OpenSIPS-Users] Teams TLS Error
OK so now I have this:
modparam("tls_mgm","certificate", "[my.domain.name
<http://my.domain.name>]/usr/local/etc/opensips/tls/myCert.pem
<http://myCert.pem>")
modparam("tls_mgm","private_key", "[my.domain.name
<http://my.domain.name>]/usr/local/etc/opensips/tls/myKey.key
<http://myKey.key>")
modparam("tls_mgm","ca_dir", "/etc/ssl/certs")
modparam("tls_mgm","verify_cert", "[my.domain.name
<http://my.domain.name>]1")
modparam("tls_mgm","require_cert", "[my.domain.name
<http://my.domain.name>]1")
modparam("tls_mgm","tls_method", "[my.domain.name
<http://my.domain.name>]TLSv1_2")
modparam("tls_mgm", "match_sip_domain", "my.domain.name
<http://my.domain.name>")
But now it claims that my.domain.name <http://my.domain.name> is
not defined in myCert.pem <http://myCert.pem>
I know it is - it is in a SAN within the certificate.
Any suggestions?
Many thanks
Mark.
On Fri, 13 Nov 2020 at 15:12, Kevin Vines <kevin.vi...@gmail.com
<mailto:kevin.vi...@gmail.com>> wrote:
Hi Mark,
Based on some googling it looks like you need to specify the
domain eg:
modparam("tls_mgm","verify_cert", "[domain.com
<http://domain.com>]1")
https://fossies.org/linux/opensips/modules/tls_mgm/README
Kevin
*From:* farm...@gmail.com <mailto:farm...@gmail.com>
*Sent:* November 13, 2020 9:49 a.m.
*To:* users@lists.opensips.org <mailto:users@lists.opensips.org>
*Reply to:* users@lists.opensips.org
<mailto:users@lists.opensips.org>
*Subject:* [OpenSIPS-Users] Teams TLS Error
Hi everyone
OpenSIPS 3.1.0
I am following the OpenSIPS as Teams SBC guide and have added
the TLS config:
modparam("tls_mgm","verify_cert", "1")
modparam("tls_mgm","require_cert", "1")
modparam("tls_mgm","tls_method", "TLSv1_2")
modparam("tls_mgm","certificate",
"/usr/local/etc/opensips/tls/myCert.pem <http://myCert.pem>")
modparam("tls_mgm","private_key",
"/usr/local/etc/opensips/tls/myKey.key <http://myKey.key>")
modparam("tls_mgm", "ca_dir", "/etc/ssl/certs")
But I am seeing a TLS domain error:
Nov 13 14:36:50 [175314] ERROR:tls_mgm:split_param_val: No TLS
domain name
Nov 13 14:36:50 [175314] Traceback (last included file at the
bottom):
Nov 13 14:36:50 [175314] 0.
/usr/local//etc/opensips/opensips.cfg <http://opensips.cfg>
Nov 13 14:36:50 [175314] CRITICAL:core:yyerror: parse error in
/usr/local//etc/opensips/opensips.cfg:191
<http://opensips.cfg:191>:19-20: Parameter <verify_cert> not
found in module <tls_mgm> - can't set
Nov 13 14:36:50 [175314] #modparam("tls_mgm", "require_cert",
"[dom4]1")
Nov 13 14:36:50 [175314]
Nov 13 14:36:50 [175314] modparam("tls_mgm","verify_cert", "1")
Nov 13 14:36:50 [175314] ^~
Nov 13 14:36:50 [175314] modparam("tls_mgm","require_cert", "1")
Nov 13 14:36:50 [175314] modparam("tls_mgm","tls_method",
"TLSv1_2")
Nov 13 14:36:50 [175314] DBG:core:set_mod_param_regex: tls_mgm
matches module tls_mgm
Nov 13 14:36:50 [175314] DBG:core:set_mod_param_regex: found
<require_cert> in module tls_mgm
[/usr/local/lib64/opensips/modules/]
Nov 13 14:36:50 [175314] ERROR:tls_mgm:split_param_val: No TLS
domain name
Can anyone tell me what I might be missing please?
Many thanks
Mark.
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Mark Farmer
farm...@gmail.com <mailto:farm...@gmail.com>
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Mark Farmer
farm...@gmail.com <mailto:farm...@gmail.com>
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users