[OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Rodrigo Pimenta Carvalho pimenta at inatel.br
Mon Jul 27 23:34:12 CEST 2015


Hi.


1 - I have read and followed all the instructions on page http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is about how to set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But there is no tutorial for it in version 2.2.

2 - I have read all the instructions from page http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This is the OpenSIPS TLS Module Guide.


3 - Considering all instructions I have learnt today, I wrote the following configuration:


----------------------------------------------------------------------------------------------------------------------------------------------------------------


loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")     # This line was generated automatically, after using the make menuconfig. It works very well.
#modparam("proto_tls","private_key", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")  # This line was generated automatically, after using the make menuconfig. It works very well.
#modparam("proto_tls","ca_list", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")       # This line was generated automatically, after using the make menuconfig. It works very well.


modparam("proto_tls", "certificate", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")         # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
modparam("proto_tls", "private_key", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")  # File also generated by me, following the tutorial. ERROR here.  What is the problem??
modparam("proto_tls", "ca_list", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")             # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
modparam("proto_tls", "ca_dir", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/")                        # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.


----------------------------------------------------------------------------------------------------------------------------------------------------------------


4. All paths I'm using in such configuration are real and correct.


5. When I try to run OpenSIPS, I always get the error:


Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling compression due ZLIB problems

...

...

Enter passphrase for /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to load private key file '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.


So, the file cakey.pem can't be loaded. But, I'm running the OpenSIPS as a superuser.



What should I check in my files to verify whether I have made some mistake?

Can following the tutorial for version 2.1 while using version 2.2 cause trouble? In the tutorial I see "TLSv1" and in the module guide I see "tlsv1". Is the script case sensitive?


The file at issue is: -rw------- 1 root root 1834 Jul 24 14:54 /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can it be owned by the root user, or must it be another one?


I have just googled this case and I found the same problem for people who were using the wrong key file, which I think is not my case.


Any hint will be very helpful!


Thanks a lot!



RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979
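
The log in the message shows a passphrase prompt for cakey.pem immediately before load_private_key fails, so one thing worth checking in the key file is whether it is passphrase-protected. The following is an added example, not part of the original post or of OpenSIPS: it classifies the private-key blocks in a PEM file by their headers. The function names and the two sample PEM texts are constructed for illustration and contain no real key material.

```python
import re

# PEM labels that hold a private key; True means the label alone implies encryption.
KEY_LABELS = {
    "ENCRYPTED PRIVATE KEY": True,   # PKCS#8, always passphrase-protected
    "PRIVATE KEY": False,            # PKCS#8, unencrypted
    "RSA PRIVATE KEY": False,        # traditional format: encrypted only if headers say so
    "EC PRIVATE KEY": False,
    "DSA PRIVATE KEY": False,
}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem_keys(text):
    """Return one dict per private-key block: label, encrypted flag, cipher if stated."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if label not in KEY_LABELS:
            continue  # certificates, CSRs and so on are not keys
        encrypted, cipher = KEY_LABELS[label], None
        # Traditional OpenSSL encryption is marked by RFC 1421 style headers.
        if re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.M):
            encrypted = True
            m = re.search(r"^DEK-Info:\s*([^,\s]+)", body, re.M)
            cipher = m.group(1) if m else None
        results.append({"label": label, "encrypted": encrypted, "cipher": cipher})
    return results

def needs_passphrase(text):
    """True if any private key in the PEM text is passphrase-protected."""
    keys = classify_pem_keys(text)
    if not keys:
        raise ValueError("no private key block found")
    return any(k["encrypted"] for k in keys)

# Constructed samples: the base64 bodies are placeholders, not keys.
SAMPLE_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIFJFQUwgS0VZ
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PLAIN = """-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIFJFQUwgS0VZ
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, pem in (("encrypted", SAMPLE_ENCRYPTED), ("plain", SAMPLE_PLAIN)):
        print(name, classify_pem_keys(pem))
```

To run it against a real file, pass the file's text to `classify_pem_keys`; the process reading the file needs read permission on it.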