[OpenSIPS-Users] root CA config file (/usr/local//etc/opensips//tls/ca.conf) does not exist
Bogdan-Andrei Iancu
bogdan at opensips.org
Thu Jun 25 12:54:55 CEST 2015
Hi,
A fresh installation of 2.1 (sources from GIT) produces:
$ ls -laR /tmp/opensips_test/etc/opensips/tls/
/tmp/opensips_test/etc/opensips/tls/:
total 32
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 .
drwx------ 3 bogdan bogdan 4096 iun 25 13:29 ..
-rw-r--r-- 1 bogdan bogdan 2049 iun 25 13:29 ca.conf
-rw-r--r-- 1 bogdan bogdan 1048 iun 25 13:29 README
-rw-r--r-- 1 bogdan bogdan 1127 iun 25 13:29 request.conf
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 rootCA
drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 user
-rw-r--r-- 1 bogdan bogdan 591 iun 25 13:29 user.conf
/tmp/opensips_test/etc/opensips/tls/rootCA:
total 28
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 .
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
-rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:29 cacert.pem
drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 certs
-rw-r--r-- 1 bogdan bogdan 135 iun 25 13:29 index.txt
drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 private
-rw-r--r-- 1 bogdan bogdan 3 iun 25 13:30 serial
/tmp/opensips_test/etc/opensips/tls/rootCA/certs:
total 12
drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
-rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 01.pem
/tmp/opensips_test/etc/opensips/tls/rootCA/private:
total 12
drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
-rw-r--r-- 1 bogdan bogdan 1834 iun 25 13:30 cakey.pem
/tmp/opensips_test/etc/opensips/tls/user:
total 24
drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
-rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:30 user-calist.pem
-rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 user-cert.pem
-rw-r--r-- 1 bogdan bogdan 530 iun 25 13:30 user-cert_req.pem
-rw-r--r-- 1 bogdan bogdan 526 iun 25 13:30 user-privkey.pem
All the TLS files seems to be in place. For 2.1 there is no specific
switch for TLS, it is by default present, there is not need for extra
options or env variables. Just to "make install"
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 25.06.2015 03:03, Nabeel wrote:
> I just installed version 1.11.5 of OpenSIPS and this version does have
> all the TLS files included. I should have downloaded this version all
> along because version 2.1 clearly needs to be fixed.
>
> On 25 June 2015 at 00:36, Nabeel <nabeelshikder at gmail.com
> <mailto:nabeelshikder at gmail.com>> wrote:
>
> Where are the 'example' openssl certificates as mentioned in the
> link above? In the source files folder, there is no /etc/tls
> folder, and there are no example certificates in the
> [source]/examples folder either.
>
> On 25 June 2015 at 00:26, Nabeel <nabeelshikder at gmail.com
> <mailto:nabeelshikder at gmail.com>> wrote:
>
> I tried installing OpenSIPS two more times, once through the
> menuconfig interface with TLS enabled, and another time with
> "TLS=1 make install" command. Both times, the
> /etc/opensips/tls directory only has empty directories, with
> no files inside. The following directories are created with
> no files inside:
>
> [installdirectory]/etc/opensips/tls
> [installdirectory]/etc/opensips/tls/rootCA
> [installdirectory]/etc/opensips/tls/user
> [installdirectory]/etc/opensips/tls/rootCA/certs
> [installdirectory]/etc/opensips/tls/rootCA/private
>
> All these directories are empty? Is this normal?
>
> At the following link I see someone refer to an OpenSIPS
> source which has tls included "opensips-1.9.1-tls". Is this a
> specific source tarball with TLS enabled? Is there one for
> version 2.1?
>
> https://github.com/antonraharja/book-opensips-101/blob/master/content/3.2.%20SIP%20TLS%20Secure%20Calling.mediawiki
>
>
>
> On 24 June 2015 at 15:30, Bogdan-Andrei Iancu
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
> Hi,
>
> What OpenSIPS version do you have ? also, note that you
> need also to install OpenSIPS with the TLS option on,
> otherwise the tls directory will not be created.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 24.06.2015 17:14, Nabeel wrote:
>>
>> # opensipsctl tls rootCA
>> ERROR: root CA config file
>> (/usr/local//etc/opensips//tls/ca.conf) does not exist
>>
>> In fact, that whole tls directory is empty, even though
>> my OpenSIPS instance has been compiled with tls support.
>> Where can I download the CA files?
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150625/1e879cd9/attachment.htm>
More information about the Users
mailing list