[OpenSIPS-Users] Need some clarification on TLS configuration on opensips 3.2
Sasmita Panda
spanda at 3clogic.com
Thu Sep 5 10:46:07 UTC 2024
Hi Liviu ,
Yesterday we tried the same thing . I have added ca_list in the opensips
config which resolved the tls error . Corresponding to ca_list I have added
/etc/ssl/certs/ca_certificates.crt (This file is present in the linux
server . I have not created this one . )
Before 5year I have tried the same kind of TLS connection with opensips 2.4
and that was working fine without adding the ca_list in the config file .
Hence I was expecting the same here with 3.2 as well . But that didn't work
here . What can be the reason for this ?
You are right , with basic openssl commands also I am able to establish a
TLS connection which I was not verified earlier .
Thank you once again .
*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*
On Thu, Sep 5, 2024 at 1:20 PM Liviu Chircu <liviu at opensips.org> wrote:
> On 30.08.2024 14:57, Sasmita Panda wrote:
>
>
> With this configuration when I place an outbound call I am
> getting below error in the logs . I don't have the certificate and key of
> the next party . How can I authorized this certificate the
> provide on opensips end ?
>
> Hi Sasmita,
>
> Try also setting the ca_list
> <https://opensips.org/docs/modules/3.6.x/tls_mgm.html#param_ca_list> and
> ca_dir <https://opensips.org/docs/modules/3.6.x/tls_mgm.html#param_ca_dir>
> modparams and see if the CA is finally located, because that seems to be
> the error here.
>
> Moreover, if you are still stuck on this, why not start with the *basics*?
> Forget about OpenSIPS and its TLS wrappers until you are 100% sure you have
> the right configuration files and try to establish the TLS connection /
> exchange a few packets *manually*, from command-line, using a tutorial such
> as this one
> <https://djangocas.dev/blog/test-tls-connectivity-with-openssl/>.
>
> Hope this helps,
>
> --
> Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20240905/bf1f658d/attachment.html>
More information about the Users
mailing list