Re: [OpenSIPS-Users] Problems reloading TLS certs.

Thu, 20 Nov 2025 02:32:15 -0800 

Hi Ryan,
Should I understand the version here https://github.com/OpenSIPS/opensips/pull/3760 is quite some final, working one ? 

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
  https://www.siphub.com

On 15.11.2025 01:07, Ryan Bullock wrote:

Initial testing looks ok. You can see the patchset here 
https://github.com/rrb3942/opensips/tree/tls_mgm_reload



On Thu, Nov 13, 2025 at 3:56 PM Matthew Schumacher <[email protected]> wrote:

    That’s helpful.  If you message me the patch when you have it, I
    can help test.


    On Nov 13, 2025, at 9:39 AM, Ryan Bullock <[email protected]> wrote:

    
    Hey Matt,

    OpenSIPs currently only supports tls_reload for domains managed
    in a database. Coincidentally I started a patch set earlier this
    week to allow reloading the keys, certificates, etc for domains
    defined in the config script. No ETA on a pull request yet, it is
    still in testing mode.

    On Wed, Nov 12, 2025 at 10:00 PM Matthew Schumacher
    <[email protected]> wrote:

        Hello All,

        I have a 3.2 server where I can't reload certs.  Is this
        because I'm not
        storing the certs in a database?  How can I work around this?
        The server
        is never idle enough for me to restart and my cert expires in
        a few
        days.  Am I forced to kick people off to restart? Also, is
        there a way
        to tell opensips to not accept any new calls? I'm not sure
        how much that
        will help, but it would be good to know.

        Thanks!


        root@sbc:/etc/opensips# opensips-cli -f
        /etc/opensips/opensips-cli.cfg
        -x mi tls_reload
        ERROR: command 'tls_reload' returned: 500: DB url not set

        root@sbc:/etc/opensips# opensips-cli -f
        /etc/opensips/opensips-cli.cfg
        -x mi tls_list
        {
             "Domains": [
                 {
                     "name": "client",
                     "type": "TLS_DOMAIN_CLI",
                     "IP ADDRESS FILTERS": [
                         "*"
                     ],
                     "SIP DOMAIN FILTERS": [
                         "*"
                     ],
                     "METHOD": "TLSv1_2",
                     "VERIFY_CERT": true,
                     "REQ_CLI_CERT": false,
                     "CRL_CHECKALL": false,
                     "CERT_FILE":
        "/etc/ssl/certs/siptrunk_domain_net.crt",
                     "CRL_DIR": "",
                     "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
                     "CA_DIR": "/etc/pki/CA/",
                     "PKEY_FILE":
        "/etc/ssl/certs/siptrunk_domain_net.key",
                     "CIPHER_LIST": "",
                     "DH_PARAMS_FILE": "",
                     "EC_CURVE": ""
                 },
                 {
                     "name": "server",
                     "type": "TLS_DOMAIN_SRV",
                     "IP ADDRESS FILTERS": [
                         "x.x.x.x:5061",
                         "y.y.y.y:5061"
                     ],
                     "SIP DOMAIN FILTERS": [
                         "*"
                     ],
                     "METHOD": "TLSv1_2",
                     "VERIFY_CERT": false,
                     "REQ_CLI_CERT": true,
                     "CRL_CHECKALL": false,
                     "CERT_FILE":
        "/etc/ssl/certs/siptrunk_domain_net.crt",
                     "CRL_DIR": "",
                     "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
                     "CA_DIR": "/etc/pki/CA/",
                     "PKEY_FILE":
        "/etc/ssl/certs/siptrunk_domain_net.key",
                     "CIPHER_LIST": "ALL:!aNULL:!eNULL:!MD5:!RC4",
                     "DH_PARAMS_FILE": "",
                     "EC_CURVE": ""
                 }
             ]
        }

        _______________________________________________
        Users mailing list
        [email protected]
        http://lists.opensips.org/cgi-bin/mailman/listinfo/users

    _______________________________________________
    Users mailing list
    [email protected]
    http://lists.opensips.org/cgi-bin/mailman/listinfo/users

    _______________________________________________
    Users mailing list
    [email protected]
    http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to