[OpenSIPS-Users] Can't get TLS working

Duane Larson duane.larson at gmail.com
Mon Apr 30 07:48:00 CEST 2012


I've read the TLS tutorial
http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html


I can't get a snom or counterpath phone to register at all over TLS.  I'm
not sure what is wrong.  The only errors I see when I start OpenSIPS are
Apr 30 00:08:27 SIPProxy01 opensips: WARNING:core:init_tls: disabling
compression due ZLIB problems
Apr 30 00:08:27 SIPProxy01 opensips: INFO:core:init_tls_domains: Processing
TLS domain [0.0.0.0:0]
Apr 30 00:08:27 SIPProxy01 opensips: WARNING:core:init_ssl_ctx_behavior:
client verification NOT activated. Weaker security.
Apr 30 00:08:27 SIPProxy01 opensips: INFO:core:init_tls_domains: Processing
TLS domain [0.0.0.0:0]
Apr 30 00:08:27 SIPProxy01 opensips: WARNING:core:init_ssl_ctx_behavior:
server verification NOT activated. Weaker security.
Apr 30 00:08:27 SIPProxy01 /usr/local/sbin/opensips[11060]:
NOTICE:core:main: version: opensips 1.8.0-dev0-tls (x86_64/linux)


To get the client cert to work with Snom I had to change the cacert.pem to
a .der file.  So I did
sudo openssl x509 -in cacert.pem -out cacert.der -outform DER


For my config I have the following.

disable_tls = no
listen = tls:50.XX.XX.156:5061
tls_verify_server = 0
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
#tls_method = SSLv23
tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"





More information about the Users mailing list