[OpenSIPS-Users] Someone known about TLS configuration with softphones ?
Jorge Ortea
darham at hotmail.com
Wed Mar 14 09:45:39 CET 2012
Hi,
I have OpenSIPS 1.6.4-tls with tls configuration in my opensips.cfg, it is working correctly with my Cisco SIP phones.
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:192.168.1.1:1234
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = SSLv23
# tls_method = TLSv1
tls_certificate = "/usr/local/opensips/etc/tls/user/user-cert.pem"
tls_private_key = "/usr/local/opensips/etc/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/opensips/etc/tls/user/user-calist.pem"
I want to use Bria softphones but i can't register them. Then I had generated new self-signed certificates and loaded in my PC, but i don't know if it is fine configured. I have done this:
First i have configured /usr/local/opensips/etc/tls/ca.conf and /usr/local/opensips/etc/tls/user.conf
In ca.conf i have rewrited:
[ root_ca_distinguished_name ]
commonName = 192.168.1.1:1234 # please update
stateOrProvinceName = Your_STATE # please update
countryName = CO # please update
emailAddress = YOUR_EMAIL # please update
organizationName = YOUR_ORG_NAME # please update
And in user.conf i have rewrited:
[ req ]
prompt = no
distinguished_name = server_distinguished_name
[ server_distinguished_name ]
commonName = 192.168.1.1:1234 # please update
stateOrProvinceName = Some State # please update
countryName = XY # please update
emailAddress = root at somename.somewhere.com # please update
organizationName = My Large Organization Name # please update
organizationalUnitName = My Subunit of Large Organization # please update
Then I have run:
# /usr/local/opensips/sbin/opensipsctl tls rootCA
# /usr/local/opensips/sbin/opensipsctl tls userCERT user
I introduced the same password, this generated the folders: /usr/local/opensips/etc/tls/rootCA/ and /usr/local/opensips/etc/tls/user/
I copied the file: /usr/local/opensips/etc/tls/rootCA/cacert.pem to my Windows PC and i have loaded it in trusted root certification authorities, is named 192.168.1.1:1234
Before, the error was:
ERROR:core:tls_print_errstack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer):
ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):
Now, with this certificate:
ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):
ERROR:core:tls_print_errstack: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer):
But I have not achieved anything, What's happening? What are i doing bad?
Thanks.
Regards.
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120314/cee72f6a/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001
URL: <http://lists.opensips.org/pipermail/users/attachments/20120314/cee72f6a/attachment.asc>
More information about the Users
mailing list