[OpenSIPS-Users] TLS Error

John Matich john at siptalk.com.au
Thu Sep 17 13:49:04 EST 2020


Copy the certs into /etc/opensips/tls/.... It doesn't seem to like the
symlinked certs of letsencrypt.
That fixed it for me when I had the same issue.
On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
> yes but why as that path is correct and permissions etc are all fine
> 
> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <Johan at democon.be>
> wrote:
> > it seems to me that it can't load your certificate. 
> > 
> > On Thu 17 Sep 2020 at 15:16, Andrew Colin <
> > andrewd.colin at gmail.com> wrote:
> > > Hi Guys
> > > I am trying to get TLS to work but getting some errors.
> > > I am using letsencrypt and opensips 3.1
> > > 
> > > my config is 
> > > 
> > > loadmodule "proto_tls.so"
> > > 
> > > loadmodule "tls_mgm.so"
> > > 
> > > modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
> > > 
> > > modparam("tls_mgm", "server_domain", "dom1")
> > > modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
> > > modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
> > > 
> > > 
> > > modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
> > > modparam("tls_mgm", "verify_cert", "[dom1]1")
> > > modparam("tls_mgm", "require_cert", "[dom1]1")
> > > modparam("tls_mgm", "certificate",
> > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
> > > modparam("tls_mgm", "private_key",
> > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem")
> > > modparam("tls_mgm", "ca_list",
> > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
> > > modparam("tls_mgm", "ca_dir",
> > > "[dom1]/etc/letsencrypt/live/bmydomain.co.uk")
> > > 
> > > but I get this error
> > > 
> > > INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > NOTICE:tls_mgm:init_tls_dom: No EC curve defined
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification
> > > activated. Client certificates are mandatory.
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > ERROR:tls_mgm:load_certificate: unable to load certificate file
> > > '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > ERROR:core:init_mod: failed to initialize module tls_mgm
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main:
> > > error while initializing modules
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > INFO:core:cleanup: cleanup
> > > 
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> > > Exiting....
> > > _______________________________________________
> > > 
> > > Users mailing list
> > > 
> > > Users at lists.opensips.org
> > > 
> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > > 
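Real-file copies such as the reply above suggests stop matching the live certificate once Let's Encrypt renews it, so the copy has to be repeated at each renewal. The following is an added example, not part of the original thread or of OpenSIPS: a certbot deploy hook that re-copies the files while following the symlinks. The destination `/etc/opensips/tls`, the service user `opensips` and the function name `install_tls_copy` are assumptions; `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example (not from the thread): keep regular-file copies of the
# Let's Encrypt material for OpenSIPS instead of loading the symlinks.

# install_tls_copy SRC_DIR DST_DIR [OWNER]   (hypothetical helper name)
# Runs in a subshell so the umask change and the exits stay local.
install_tls_copy() (
    src=$1; dst=$2; owner=${3:-}
    files="cert.pem chain.pem fullchain.pem privkey.pem"

    # Validate everything first so a failure never leaves a partial set.
    # -e follows the link, so a dangling symlink is reported here.
    for f in $files; do
        [ -e "$src/$f" ] || { echo "missing or dangling: $src/$f" >&2; exit 1; }
    done

    mkdir -p "$dst" || exit 1      # directory keeps the default umask
    umask 077                      # temp copies are never group/world readable

    for f in $files; do
        tmp="$dst/.$f.new"
        cp -L "$src/$f" "$tmp" || exit 1      # -L copies the target, not the link
        case $f in
            privkey.pem) mode=600 ;;          # private key: owner only
            *)           mode=644 ;;
        esac
        chmod "$mode" "$tmp" || exit 1
        if [ -n "$owner" ]; then
            chown "$owner" "$tmp" || exit 1   # needs root; certbot hooks run as root
        fi
        mv -f "$tmp" "$dst/$f" || exit 1      # rename is atomic on one filesystem
    done
)

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) to
# deploy hooks; outside certbot this file only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Assumed destination and service user; adjust to the local install.
    install_tls_copy "$RENEWED_LINEAGE" /etc/opensips/tls opensips
fi
```

The `certificate` and `private_key` modparams would then reference the files under the destination directory.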