Re: [OpenSIPS-Users] TLS verify client

Wed, 04 Jan 2023 09:43:44 -0800 

Right, but in the new cfg you should have


modparam("tls_mgm", "require_cert", "[dom2]0")

and not "1"

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Bootcamp 5-16 Dec 2022, online
  https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/

On 1/4/23 2:59 AM, L S wrote:

Hi Bogdan,

This worked for us:

server verify_cert=0
server require_cert=1
client verify_cert=1
client require_cert=1

Thanks.
On Tue, Jan 3, 2023, 2:07 PM Bogdan-Andrei Iancu <bog...@opensips.org <mailto:bog...@opensips.org>> wrote: 

    Hi Matt,

    I guess the "require_cert" should 0 for both domains, right ?

    Regards,

    Bogdan-Andrei Iancu

    OpenSIPS Founder and Developer
       https://www.opensips-solutions.com  <https://www.opensips-solutions.com>
    OpenSIPS Bootcamp 5-16 Dec 2022, online
       https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/  
<https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/>

    On 12/23/22 9:55 PM, L S wrote:

    Hi,
    We are upgrading from 1.11.5 tls to 3.2.9. In 1.11 we had issues
    with the client certificate so we had to set the following:

    # 1.11 parameters
    tls_verify_server = 1
    tls_verify_client = 0 tls_require_client_certificate = 0

    TLS works fine for us with those settings. Now we are trying to
    migrate them to 3.2.9 and having issues. Just wanted to confirm
    if the following is correct way to migrate those parameters to
    3.2? (Just included those parameters - the domains are set up
    correctly)

    Server domain
    modparam("tls_mgm", "verify_cert", "[dom1]0")
    modparam("tls_mgm", "require_cert", "[dom1]0")

    Client domain
    modparam("tls_mgm", "verify_cert", "[dom2]1")
    modparam("tls_mgm", "require_cert", "[dom2]1")

    Thanks,
    Matt

    _______________________________________________
    Users mailing list
    Users@lists.opensips.org  <mailto:Users@lists.opensips.org>
    http://lists.opensips.org/cgi-bin/mailman/listinfo/users  
<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>





_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to