Is there any update here?

*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*

On Fri, Aug 30, 2024 at 5:27 PM Sasmita Panda <[email protected]> wrote:

> Hi,
>
> For an outbound call to a TLS gateway I have the below configuration for
> client_domain:
>
> modparam("tls_mgm", "client_domain", "dom1")
> modparam("tls_mgm", "match_ip_address", "[dom1]*")
> modparam("tls_mgm", "tls_method", "[dom1]-TLSv1_2")
> modparam("tls_mgm", "certificate", "[dom1]/etc/opensips/tls/3cdomain.crt")
> modparam("tls_mgm", "private_key", "[dom1]/etc/opensips/tls/3cdomain.key")
> modparam("tls_mgm", "require_cert", "[dom1]0")
> modparam("tls_mgm", "verify_cert", "[dom1]0")
>
> With this configuration, when I place an outbound call I am getting the
> below error in the logs. I don't have the certificate and key of the next
> party. How can I authorize this certificate they provide on the opensips
> end?
>
> NOTICE:tls_openssl:verify_callback: depth = 1, verify failure
> NOTICE:tls_openssl:verify_callback: subject = /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:\/\/certs.godaddy.com\/repository\//CN=Go Daddy Secure Certificate Authority - G2
> NOTICE:tls_openssl:verify_callback: issuer = /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
> NOTICE:tls_openssl:verify_callback: verify error: unable to get local issuer certificate [error=20]
> INFO:tls_openssl:openssl_tls_connect: New TLS connection to 18.169.x.y:5065 established
> INFO:tls_openssl:tls_dump_cert_info: tls_connect: server TLS certificate subject: /CN=*.sftel.yyy.cloud, issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:\/\/certs.godaddy.com\/repository\//CN=Go Daddy Secure Certificate Authority - G2
> WARNING:tls_openssl:openssl_tls_connect: TLS server certificate verification failed
> ERROR:tls_openssl:tls_dump_verification_failure: unable to get local issuer certificate
> INFO:tls_openssl:tls_dump_cert_info: tls_connect: local TLS client certificate subject: /CN=*.xxx.com, issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=xyz RSA Domain Validation Secure Server CA
>
> *What should I do here?*
>
> *Thanks & Regards*
> *Sasmita Panda*
> *Senior Network Testing and Software Engineer*
> *3CLogic , ph:07827611765*
>
> On Thu, Aug 29, 2024 at 12:52 PM Sasmita Panda <[email protected]> wrote:
>
>> Hi All,
>>
>> I have been using opensips 3.2 for a very long time. For the TLS
>> connection I was using our domain-specific certificate and private key,
>> which was authorized by some verified organization. With that, my TLS
>> connection with the server is getting established and I am also able to
>> get REGISTER and INVITE requests on the connection.
>>
>> Rather than this, when I build opensips with TLS=1, opensips itself
>> creates its own rootCA. If I am using those crt and private key files for
>> the TLS connection, the connection gets established but I am not getting
>> any request. What can be the reason?
>>
>> My configuration is like below.
>>
>> modparam("tls_mgm", "server_domain", "dom3")
>> modparam("tls_mgm", "match_ip_address", "[dom3]20.1.x.y:5061")
>> modparam("tls_mgm", "match_sip_domain", "[dom3]none")
>> # 20.1.x.y is my server's private IP on which I have configured the TLS socket.
>> modparam("tls_mgm", "tls_method", "[dom3]-TLSv1_2")
>>
>> modparam("tls_mgm", "certificate", "[dom3]/etc/opensips/tls/rootCA/cacert.pem")
>> modparam("tls_mgm", "private_key", "[dom3]/etc/opensips/tls/rootCA/private/cakey.pem")
>> modparam("tls_mgm", "ca_list", "[dom3]/etc/opensips/tls/rootCA/certs/01.pem")
>>
>> modparam("tls_mgm", "require_cert", "[dom3]0")
>> modparam("tls_mgm", "verify_cert", "[dom3]1")
>>
>> In the logs I am getting the below messages:
>>
>> 2024-08-29T07:14:59.213460+00:00 ip-20-1-205-63 /sbin/opensips[22895]: INFO:tls_openssl:openssl_tls_accept: New TLS connection from x.x.x.x:20219 accepted
>> 2024-08-29T07:14:59.213866+00:00 ip-20-1-205-63 /sbin/opensips[22895]: INFO:tls_openssl:openssl_tls_accept: Client did not present a TLS certificate
>> 2024-08-29T07:14:59.214064+00:00 ip-20-1-205-63 /sbin/opensips[22895]: INFO:tls_openssl:tls_dump_cert_info: tls_accept: local TLS server certificate subject: /CN=OpenSIPS/ST=opensips.org/C=IP/[email protected]/O=opensips.org, issuer: /CN=OpenSIPS/ST=opensips.org/C=IP/[email protected]/O=opensips.org
>>
>> I have added siptrace and tracing to the DB as well. I am not getting
>> any SIP messages in the 2nd case. What can be the reason for this? This
>> is quite critical to me. Please do help.
>>
>> *Thanks & Regards*
>> *Sasmita Panda*
>> *Senior Network Testing and Software Engineer*
>> *3CLogic , ph:07827611765*
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
