[OpenSIPS-Users] Problems reloading TLS certs.
Matthew Schumacher
schu at schu.net
Thu Nov 13 05:57:11 UTC 2025
Hello All,
I have a 3.2 server where I can't reload certs. Is this because I'm not
storing the certs in a database? How can I work around this? The server
is never idle enough for me to restart and my cert expires in a few
days. Am I forced to kick people off to restart? Also, is there a way
to tell opensips to not accept any new calls? I'm not sure how much that
will help, but it would be good to know.
Thanks!
root at sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg
-x mi tls_reload
ERROR: command 'tls_reload' returned: 500: DB url not set
root at sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg
-x mi tls_list
{
"Domains": [
{
"name": "client",
"type": "TLS_DOMAIN_CLI",
"IP ADDRESS FILTERS": [
"*"
],
"SIP DOMAIN FILTERS": [
"*"
],
"METHOD": "TLSv1_2",
"VERIFY_CERT": true,
"REQ_CLI_CERT": false,
"CRL_CHECKALL": false,
"CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",
"CRL_DIR": "",
"CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
"CA_DIR": "/etc/pki/CA/",
"PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",
"CIPHER_LIST": "",
"DH_PARAMS_FILE": "",
"EC_CURVE": ""
},
{
"name": "server",
"type": "TLS_DOMAIN_SRV",
"IP ADDRESS FILTERS": [
"x.x.x.x:5061",
"y.y.y.y:5061"
],
"SIP DOMAIN FILTERS": [
"*"
],
"METHOD": "TLSv1_2",
"VERIFY_CERT": false,
"REQ_CLI_CERT": true,
"CRL_CHECKALL": false,
"CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",
"CRL_DIR": "",
"CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
"CA_DIR": "/etc/pki/CA/",
"PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",
"CIPHER_LIST": "ALL:!aNULL:!eNULL:!MD5:!RC4",
"DH_PARAMS_FILE": "",
"EC_CURVE": ""
}
]
}
More information about the Users
mailing list