[OpenSIPS-Users] root CA config file (/usr/local//etc/opensips//tls/ca.conf) does not exist
Bogdan-Andrei Iancu
bogdan at opensips.org
Thu Jun 25 14:45:21 CEST 2015
Try to grab 2.1 from the GIT repo and let me know if that works for you.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 25.06.2015 14:05, Nabeel wrote:
>
> I did not download the sources from git; I downloaded directly from
> the OpenSIPS website from this link:
> http://opensips.org/pub/opensips/latest/src/
>
> If git is more reliable, the download links should peehaps point to
> the git repositories.
>
> I am using CentOS 7, if that makes any difference.
>
> On 25 Jun 2015 11:55, "Bogdan-Andrei Iancu" <bogdan at opensips.org
> <mailto:bogdan at opensips.org>> wrote:
>
> Hi,
>
> A fresh installation of 2.1 (sources from GIT) produces:
>
> $ ls -laR /tmp/opensips_test/etc/opensips/tls/
> /tmp/opensips_test/etc/opensips/tls/:
> total 32
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 .
> drwx------ 3 bogdan bogdan 4096 iun 25 13:29 ..
> -rw-r--r-- 1 bogdan bogdan 2049 iun 25 13:29 ca.conf
> -rw-r--r-- 1 bogdan bogdan 1048 iun 25 13:29 README
> -rw-r--r-- 1 bogdan bogdan 1127 iun 25 13:29 request.conf
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 rootCA
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 user
> -rw-r--r-- 1 bogdan bogdan 591 iun 25 13:29 user.conf
>
> /tmp/opensips_test/etc/opensips/tls/rootCA:
> total 28
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
> -rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:29 cacert.pem
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 certs
> -rw-r--r-- 1 bogdan bogdan 135 iun 25 13:29 index.txt
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 private
> -rw-r--r-- 1 bogdan bogdan 3 iun 25 13:30 serial
>
> /tmp/opensips_test/etc/opensips/tls/rootCA/certs:
> total 12
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
> -rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 01.pem
>
> /tmp/opensips_test/etc/opensips/tls/rootCA/private:
> total 12
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
> -rw-r--r-- 1 bogdan bogdan 1834 iun 25 13:30 cakey.pem
>
> /tmp/opensips_test/etc/opensips/tls/user:
> total 24
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
> -rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:30 user-calist.pem
> -rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 user-cert.pem
> -rw-r--r-- 1 bogdan bogdan 530 iun 25 13:30 user-cert_req.pem
> -rw-r--r-- 1 bogdan bogdan 526 iun 25 13:30 user-privkey.pem
>
>
> All the TLS files seems to be in place. For 2.1 there is no
> specific switch for TLS, it is by default present, there is not
> need for extra options or env variables. Just to "make install"
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 25.06.2015 03:03, Nabeel wrote:
>> I just installed version 1.11.5 of OpenSIPS and this version does
>> have all the TLS files included. I should have downloaded this
>> version all along because version 2.1 clearly needs to be fixed.
>>
>> On 25 June 2015 at 00:36, Nabeel <nabeelshikder at gmail.com
>> <mailto:nabeelshikder at gmail.com>> wrote:
>>
>> Where are the 'example' openssl certificates as mentioned in
>> the link above? In the source files folder, there is no
>> /etc/tls folder, and there are no example certificates in the
>> [source]/examples folder either.
>>
>> On 25 June 2015 at 00:26, Nabeel <nabeelshikder at gmail.com
>> <mailto:nabeelshikder at gmail.com>> wrote:
>>
>> I tried installing OpenSIPS two more times, once through
>> the menuconfig interface with TLS enabled, and another
>> time with "TLS=1 make install" command. Both times, the
>> /etc/opensips/tls directory only has empty directories,
>> with no files inside. The following directories are
>> created with no files inside:
>>
>> [installdirectory]/etc/opensips/tls
>> [installdirectory]/etc/opensips/tls/rootCA
>> [installdirectory]/etc/opensips/tls/user
>> [installdirectory]/etc/opensips/tls/rootCA/certs
>> [installdirectory]/etc/opensips/tls/rootCA/private
>>
>> All these directories are empty? Is this normal?
>>
>> At the following link I see someone refer to an OpenSIPS
>> source which has tls included "opensips-1.9.1-tls". Is
>> this a specific source tarball with TLS enabled? Is
>> there one for version 2.1?
>>
>> https://github.com/antonraharja/book-opensips-101/blob/master/content/3.2.%20SIP%20TLS%20Secure%20Calling.mediawiki
>>
>>
>>
>> On 24 June 2015 at 15:30, Bogdan-Andrei Iancu
>> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>
>> Hi,
>>
>> What OpenSIPS version do you have ? also, note that
>> you need also to install OpenSIPS with the TLS option
>> on, otherwise the tls directory will not be created.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 24.06.2015 17:14, Nabeel wrote:
>>>
>>> # opensipsctl tls rootCA
>>> ERROR: root CA config file
>>> (/usr/local//etc/opensips//tls/ca.conf) does not exist
>>>
>>> In fact, that whole tls directory is empty, even
>>> though my OpenSIPS instance has been compiled with
>>> tls support. Where can I download the CA files?
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150625/1e380e87/attachment-0001.htm>
More information about the Users
mailing list