[OpenSIPS-Users] TLS configuration problems

Jorge Ortea darham at hotmail.com
Tue Mar 13 12:55:21 CET 2012

Hi,

I have OpenSIPS 1.6.4-tls with TLS configuration in my opensips.cfg, and it is working correctly with my Cisco SIP phones.


/* uncomment the following lines to enable TLS support  (default off) */
disable_tls = no
listen = tls:192.168.1.1:1234
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = SSLv23
# tls_method = TLSv1
tls_certificate = "/usr/local/opensips/etc/tls/user/user-cert.pem"
tls_private_key = "/usr/local/opensips/etc/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/opensips/etc/tls/user/user-calist.pem"


I want to use Bria softphones but I can't register them. I then generated new self-signed certificates and loaded them on my PC, but I don't know if it is configured correctly. This is what I have done:

First I configured /usr/local/opensips/etc/tls/ca.conf and /usr/local/opensips/etc/tls/user.conf.


In ca.conf I have rewritten:

[ root_ca_distinguished_name ]
commonName          = 192.168.1.1:1234          # please update
stateOrProvinceName = Your_STATE         # please update
countryName         = CO                 # please update
emailAddress        = YOUR_EMAIL         # please update
organizationName    = YOUR_ORG_NAME      # please update


And in user.conf I have rewritten:

[ req ]
prompt = no
distinguished_name = server_distinguished_name
[ server_distinguished_name ]
commonName             = 192.168.1.1:1234               # please update
stateOrProvinceName    = Some State                           # please update
countryName            = XY                                   # please update
emailAddress           = root at somename.somewhere.com          # please update
organizationName       = My Large Organization Name           # please update
organizationalUnitName = My Subunit of Large Organization     # please update


Then I ran:

# /usr/local/opensips/sbin/opensipsctl tls rootCA
# /usr/local/opensips/sbin/opensipsctl tls userCERT user

I entered the same password; this generated the folders /usr/local/opensips/etc/tls/rootCA/ and /usr/local/opensips/etc/tls/user/.

I copied the file /usr/local/opensips/etc/tls/rootCA/cacert.pem to my Windows PC and loaded it into Trusted Root Certification Authorities; it is named 192.168.1.1:1234.

Before, the error was:

 ERROR:core:tls_print_errstack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
 ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer): 
 ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):

Now, with this certificate:

 ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success): 
 ERROR:core:tls_print_errstack: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error 
 ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer):

But I have not achieved anything. What's happening? What am I doing wrong?
 

Thanks.
Regards.
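
Added example, not part of the original post: a small Python decoder for the two kinds of log line quoted above, showing that both `tls_print_errstack` codes are TLS alerts received from the remote side (the softphone) rather than errors raised locally. The sample log is constructed from the lines in the post, and the unpacking assumes the pre-3.0 OpenSSL error-code layout those lines show.

```python
import re

# Constructed sample: the OpenSIPS log lines quoted in the post above.
SAMPLE_LOG = """\
ERROR:core:tls_print_errstack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer):
ERROR:core:tls_print_errstack: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):
"""

# TLS alert descriptions (RFC 5246, section 7.2); subset relevant to handshake problems.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 50: "decode_error", 51: "decrypt_error", 70: "protocol_version"}
# SSL_get_error() return values, printed as "err=N" by tls_accept.
SSL_GET_ERROR = {1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ", 3: "SSL_ERROR_WANT_WRITE",
                 5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}
ALERT_REASON_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET

ERRSTACK = re.compile(r"error:([0-9A-Fa-f]{8}):")
ACCEPT = re.compile(r"tls_accept:.*\(ret=(-?\d+), err=(\d+), errno=(\d+)/")

def decode_errcode(hexcode):
    """Unpack a pre-3.0 OpenSSL error code: 8-bit lib, 12-bit func, 12-bit reason."""
    code = int(hexcode, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # SSL-library reasons above the offset are alert numbers sent by the peer.
    alert = reason - ALERT_REASON_OFFSET if reason > ALERT_REASON_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert) if alert is not None else None}

def explain(log):
    """Return one (kind, record) pair per recognised log line."""
    out = []
    for line in log.splitlines():
        m = ERRSTACK.search(line)
        if m:
            out.append(("errstack", decode_errcode(m.group(1))))
            continue
        m = ACCEPT.search(line)
        if m:
            out.append(("accept", {"ret": int(m.group(1)), "errno": int(m.group(3)),
                                   "ssl_error": SSL_GET_ERROR.get(int(m.group(2)), "unknown")}))
    return out

if __name__ == "__main__":
    for kind, rec in explain(SAMPLE_LOG):
        print(kind, rec)
```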
 		 	   		   		 	   		  