Hello,

I'll paste a working 3.4 config of TLS from my project, hope you can adopt this one

loadmodule "proto_tls.so"
modparam("proto_tls", "tls_port", TLS_PORT)
modparam("proto_tls", "tls_handshake_timeout", 3000)
modparam("proto_tls", "tls_send_timeout", 3000)
modparam("proto_tls", "tls_async_local_connect_timeout", 3000)
modparam("proto_tls", "tls_async_handshake_timeout", 3000)
# WebSocket part
loadmodule "proto_wss.so"
modparam("proto_wss", "wss_handshake_timeout", 3000)
modparam("proto_wss", "wss_tls_handshake_timeout", 3000)
modparam("proto_wss", "require_origin", no)

loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"

modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "certificate", "[client]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", "[client]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[client]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[client]0")
modparam("tls_mgm", "require_cert", "[client]0")

modparam("tls_mgm", "server_domain", "server")
modparam("tls_mgm", "certificate", "[server]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", "[server]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[server]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[server]0")
modparam("tls_mgm", "require_cert", "[server]0")

On 13/06/2024 at 00:49, Pa Ka wrote:

Hello Team, sorry to bother you again, the opensips SSL certificates are not working on port 5061. I checked with an SSL checker and it returns *No SSL certificates were found on [server:5061]*

I’m using version 3.2.18 (it was the same issue with 3.4.5); the certificates are generated with letsencrypt.

This is the modparam

modparam("tls_mgm","tls_library", "openssl")
modparam("tls_mgm","server_domain", "dom")
modparam("tls_mgm","match_ip_address", "[dom]*")
modparam("tls_mgm","verify_cert", "[dom]1")
modparam("tls_mgm","require_cert", "[dom]1")
modparam("tls_mgm","tls_method", "[dom]-TLSv1_2")
modparam("tls_mgm","certificate", "[dom]/etc/opensips/tls/user/user-cert.pem")
modparam("tls_mgm","private_key", "[dom]/etc/opensips/tls/user/user-privkey.pem")
modparam("tls_mgm","ca_list", "[dom]/etc/opensips/tls/user/user-calist.pem")
modparam("tls_mgm", "require_cert", "1")
modparam("tls_mgm", "verify_cert", "1")

I tried this

modparam("tls_mgm","certificate", "[dom]/etc/letsencrypt/live/domain/fullchain.pem")
modparam("tls_mgm","private_key", "[dom]/etc/letsencrypt/live/domain/privkey.pem")
modparam("tls_mgm","ca_list", "[dom]/etc/letsencrypt/live/domain/chain.pem")

but it returns a permission error message and I couldn’t start opensips (even though I set the permissions of all files in etc/letsencrypt to the opensips user and group as well).

Thank you. P.K


_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
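
Added example, not part of the original messages and not OpenSIPS project code: a small reviewer's check that groups the "[domain]value" tls_mgm settings quoted in this thread by TLS domain and lists the ones that affect certificate verification. The names parse_tls_mgm and review are hypothetical, and SAMPLE is constructed from lines in the two configs above.

```python
import re
from collections import defaultdict

# Constructed sample built from tls_mgm lines quoted in this thread.
SAMPLE = '''
modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "certificate", "[client]/etc/ssl/certs/ssl-cert-snakeoil.pem") modparam("tls_mgm", "private_key", "[client]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "verify_cert", "[client]0")
modparam("tls_mgm","server_domain", "dom")
modparam("tls_mgm","verify_cert", "[dom]1")
modparam("tls_mgm","require_cert", "[dom]1")
modparam("tls_mgm","certificate", "[dom]/etc/opensips/tls/user/user-cert.pem")
modparam("tls_mgm", "require_cert", "1")
'''

MODPARAM = re.compile(r'modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
SCOPED = re.compile(r'\[([^\]]+)\](.*)')  # "[domain]value"

def parse_tls_mgm(text):
    """Return ({domain: settings}, [(param, value) lacking a [domain] prefix])."""
    domains, unscoped = defaultdict(dict), []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip commented-out lines
        for name, value in MODPARAM.findall(line):  # tolerates two calls on one line
            scoped = SCOPED.fullmatch(value)
            if name in ("client_domain", "server_domain"):
                domains[value]["role"] = name.split("_")[0]
            elif scoped:
                domains[scoped.group(1)][name] = scoped.group(2)
            else:
                unscoped.append((name, value))
    return dict(domains), unscoped

def review(text):
    """List the settings worth a second look before the listener goes live."""
    domains, unscoped = parse_tls_mgm(text)
    findings = []
    for dom, cfg in domains.items():
        role = cfg.get("role")
        if role == "client" and cfg.get("verify_cert") == "0":
            findings.append(f"{dom}: outbound TLS does not verify the peer certificate")
        if role == "server" and cfg.get("verify_cert") == cfg.get("require_cert") == "1":
            findings.append(f"{dom}: peers without a client certificate are rejected")
        if "snakeoil" in cfg.get("certificate", ""):
            findings.append(f"{dom}: self-signed placeholder certificate")
    findings += [f'{n}="{v}": no [domain] prefix' for n, v in unscoped]
    return findings
```

Calling review() on the text of an opensips.cfg returns one line per finding; it reads only the modparam strings and does not open the certificate files or contact the listener.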