[OpenSIPS-Users] Need some clarification on TLS configuration on opensips 3.2

Sasmita Panda spanda at 3clogic.com
Thu Aug 29 07:22:43 UTC 2024


Hi All,

I have been using opensips 3.2 for a very long time. For TLS connections I was
using our domain-specific certificate and private key, which were authorized
by a verified organization. With that, my TLS connection with the server
gets established and I am also able to get REGISTER and INVITE
requests on the connection.


Instead of this, when I build opensips with TLS=1, opensips itself creates
its own rootCA. If I use those crt and private key files for the TLS
connection, the connection gets established but I am not getting any requests.
What can be the reason?

My configuration is as below.

modparam("tls_mgm", "server_domain", "dom3")
modparam("tls_mgm", "match_ip_address", "[dom3]20.1.x.y:5061")
modparam("tls_mgm", "match_sip_domain", "[dom3]none")
# 20.1.x.y this is my server's private IP on which I have configured TLS socket.
modparam("tls_mgm", "tls_method", "[dom3]-TLSv1_2")

modparam("tls_mgm", "certificate", "[dom3]/etc/opensips/tls/rootCA/cacert.pem")
modparam("tls_mgm", "private_key", "[dom3]/etc/opensips/tls/rootCA/private/cakey.pem")
modparam("tls_mgm", "ca_list", "[dom3]/etc/opensips/tls/rootCA/certs/01.pem")

modparam("tls_mgm", "require_cert", "[dom3]0")
modparam("tls_mgm", "verify_cert", "[dom3]1")

In the logs I am getting the messages below:


2024-08-29T07:14:59.213460+00:00 ip-20-1-205-63 /sbin/opensips[22895]: INFO:tls_openssl:openssl_tls_accept: New TLS connection from x.x.x.x:20219 accepted
2024-08-29T07:14:59.213866+00:00 ip-20-1-205-63 /sbin/opensips[22895]: INFO:tls_openssl:openssl_tls_accept: Client did not present a TLS certificate
2024-08-29T07:14:59.214064+00:00 ip-20-1-205-63 /sbin/opensips[22895]: INFO:tls_openssl:tls_dump_cert_info: tls_accept: local TLS server certificate subject: /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org, issuer: /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org

I have added siptrace and tracing to the DB as well. I am not getting any
SIP messages in the 2nd case. What can be the reason for this? This is
quite critical for me. Please do help.


*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*
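
Added example, not part of the original post: a small shell check for the files that the certificate and private_key parameters in the configuration above point to. It reports whether the certificate is self-signed (subject equal to issuer, as in the logged certificate), whether it is marked as a CA, and whether the private key belongs to it; the function names are hypothetical and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: inspect the certificate and key a tls_mgm domain points at.
# Function names are hypothetical; requires the openssl command-line tool.

# Print the subject or issuer without its "subject=" / "issuer=" label.
cert_name() {   # $1 = certificate file, $2 = -subject or -issuer
    openssl x509 -in "$1" -noout "$2" 2>/dev/null | sed 's/^[a-z]*= *//'
}

# "yes" when subject and issuer are identical (a self-signed certificate).
is_self_signed() {
    s=$(cert_name "$1" -subject); i=$(cert_name "$1" -issuer)
    [ -n "$s" ] && [ "$s" = "$i" ] && echo yes || echo no
}

# "yes" when basicConstraints marks the certificate as a CA.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' \
        && echo yes || echo no
}

# "yes" when the private key's public half equals the certificate's.
key_matches_cert() {   # $1 = certificate file, $2 = private key file
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || { echo no; return; }
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || { echo no; return; }
    [ -n "$c" ] && [ "$c" = "$k" ] && echo yes || echo no
}

# One-line summary for a certificate / private_key pair.
tls_pair_report() {
    echo "self_signed=$(is_self_signed "$1") ca=$(is_ca_cert "$1") key_match=$(key_matches_cert "$1" "$2")"
}

# Usage: sh check_pair.sh <certificate.pem> <private_key.pem>
if [ "$#" -eq 2 ]; then
    tls_pair_report "$1" "$2"
fi
```

Run it once against the certificate and private_key paths and once against the ca_list file to see which role each file actually has.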