[OpenSIPS-Users] TLS calls not working

Rutu Patel rutu.patel at ecosmob.com
Tue Feb 27 02:16:37 EST 2018 

Hi All,

I have installed opensips-2.3.2 on centos and followed
https://www.opensips.org/Documentation/Tutorials-TLS-2-1  AND
http://www.opensips.org/html/docs/modules/2.3.x/tls_mgm.html
to generate self-signed certificates and TLS setup.

I want to achieve scenario
asterisk(TLS) -> opensips(TLS) -> asterisk(TLS)

What should be the certificate settings for this kind of setup?

My opensips.cfg configurations for TLS are as below:

modparam("proto_udp", "udp_port", 5060)

modparam("tls_mgm", "verify_cert", "1")
modparam("tls_mgm", "require_cert", "0")
modparam("tls_mgm", "tls_method", "TLSv1")


modparam("tls_mgm", "certificate",
"/usr/local/etc/opensips/tls_cnf/tls/rootCA/cacert.pem")
modparam("tls_mgm", "private_key",
"/usr/local/etc/opensips/tls_cnf/tls/rootCA/private/cakey1.pem")
modparam("tls_mgm", "certificate",
"/usr/local/etc/opensips/tls_cnf/tls/rootCA/cacert.pem")
modparam("tls_mgm", "ca_list",
"/usr/local/etc/opensips/tls_cnf/tls/rootCA/cacert.pem")

modparam("tls_mgm", "client_domain", "dom1=172.16.16.149:5080")
modparam("tls_mgm", "private_key",
"[dom1]/usr/local/etc/opensips/tls_cnf/asterisk_149.pem")
modparam("tls_mgm", "certificate",
"[dom1]/usr/local/etc/opensips/tls_cnf/asterisk_149.pem")
modparam("tls_mgm", "ca_list",
"[dom1]/usr/local/etc/opensips/tls_cnf/asterisk_149.pem")

*asterisk_149.pem file is imported from asterisk server.Asterisk server is
listening on port 5080 for TLS.

When I am setting "verify_cert" to "0",calls working but on setting its
value to "1", opensips gives below errors:

ERROR:proto_tls:tls_accept: New TLS connection from 172.16.16.149:34678
failed to accept
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:14089086:SSL
routines:ssl3_get_client_certificate:certificate verify failed
ERROR:proto_tls:tls_read_req: failed to do pre-tls reading

Please provide guidance to solve this issue.


Thank you,
Rutu Patel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180227/55958c5b/attachment.html>

More information about the Users mailing list