[OpenSIPS-Users] SSL error

Ihor Olkhovskyi igorolhovskiy at gmail.com
Fri Jun 14 18:13:42 UTC 2024 

Hello,

I'll paste a working 3.4 config of TLS from my project, hope you can 
adopt this one

loadmodule "proto_tls.so"
modparam("proto_tls", "tls_port", TLS_PORT)
modparam("proto_tls", "tls_handshake_timeout", 3000)
modparam("proto_tls", "tls_send_timeout", 3000)
modparam("proto_tls", "tls_async_local_connect_timeout", 3000)
modparam("proto_tls", "tls_async_handshake_timeout", 3000)
# WebSocket part
loadmodule "proto_wss.so"
modparam("proto_wss", "wss_handshake_timeout", 3000)
modparam("proto_wss", "wss_tls_handshake_timeout", 3000)
modparam("proto_wss", "require_origin", no)

loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"

modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "certificate", 
"[client]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", 
"[client]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[client]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[client]0")
modparam("tls_mgm", "require_cert", "[client]0")

modparam("tls_mgm", "server_domain", "server")
modparam("tls_mgm", "certificate", 
"[server]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", 
"[server]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[server]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[server]0")
modparam("tls_mgm", "require_cert", "[server]0")

Le 13/06/2024 à 00:49, Pa Ka a écrit :
>
> Hello Team, sorry to bother you again, opensips ssl certificate are 
> not working on port 5061. I check with an SSL Checker and returns *No 
> SSL certificates were found on [server:5061]*
>
> I’m using version 3.2.18 (it was the same issue with 3.4.5) 
>  certificate are generated with letsencrypt
>
> This is the modparam
>
> modparam("tls_mgm","tls_library", "openssl")
>
> modparam("tls_mgm","server_domain", "dom")
>
> modparam("tls_mgm","match_ip_address", "[dom]*")
>
> modparam("tls_mgm","verify_cert", "[dom]1")
>
> modparam("tls_mgm","require_cert", "[dom]1")
>
> modparam("tls_mgm","tls_method", "[dom]-TLSv1_2")
>
> modparam("tls_mgm","certificate", 
> "[dom]/etc/opensips/tls/user/user-cert.pem")
>
> modparam("tls_mgm","private_key", 
> "[dom]/etc/opensips/tls/user/user-privkey.pem")
>
> modparam("tls_mgm","ca_list", 
> "[dom]/etc/opensips/tls/user/user-calist.pem")
>
> modparam("tls_mgm", "require_cert", "1")
>
> modparam("tls_mgm", "verify_cert", "1")
>
> I tried this
>
> modparam("tls_mgm","certificate", 
> "[dom]/etc/letsencrypt/live/domain/fullchain.pem")
>
> modparam("tls_mgm","private_key", 
> "[dom]/etc/letsencrypt/live/domain/privkey.pem")
>
> modparam("tls_mgm","ca_list", 
> "[dom]/etc/letsencrypt/live/domain/chain.pem")
>
> but returns permission error message and couldn’t start opensips (even 
> if I set the permission of all files in etc/letsencryt to opensips 
> user and group as well.)
>
> Thank you. P.K
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20240614/8954ffa8/attachment.html>

More information about the Users mailing list