<span style="font-family:verdana,sans-serif">Hi All,</span><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">I am using opensips 1.7.0 with TLS.</span><br style="font-family:verdana,sans-serif">
<b style="font-family:verdana,sans-serif"><br># cd /usr/src/opensips/opensips-1.7.0-tls/<br># make<br># make install</b><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif"><b style="font-family:verdana,sans-serif"># cd /usr/local/etc/opensips/tls/<br>
# vim ca.conf</b><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">[ root_ca_distinguished_name ]</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">commonName = <a href="http://sip1.example.com">sip1.example.com</a> #Your_NAME # please update</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">stateOrProvinceName = California #Your_STATE # please update</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">countryName = US #CO # please update</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">emailAddress = <a href="mailto:myemail@gmail.com">myemail@gmail.com</a> #YOUR_EMAIL # please update</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">organizationName = example1 #YOUR_ORG_NAME # please update</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><b style="font-family:verdana,sans-serif"># vim user.conf</b><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">[ server_distinguished_name ]</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">commonName = <a href="http://sip1.example.com">sip1.example.com</a> #<a href="http://somename.somewhere.com">somename.somewhere.com</a> # please update</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">stateOrProvinceName = California #Some State # please update</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">countryName = US #XY # please update</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">emailAddress = <a href="mailto:myemail@gmail.com">myemail@gmail.com</a> #<a href="mailto:root@somename.somewhere.com">root@somename.somewhere.com</a> # please update</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">organizationName = example1 #My Large Organization Name # please update</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">organizationalUnitName = OpenSIPS #My Subunit of Large Organization # please update</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Generating rootCA and user certificate....</span><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif">
<b style="font-family:verdana,sans-serif"># opensipsctl tls rootCA<br># opensipsctl tls userCERT user<br></b><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Here is my opensips.cfg file ...</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">debug=7</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">fork=yes</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">log_facility=LOG_LOCAL0</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">log_stderror=no</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">children=4</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">sip_warning=yes</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">check_via=no</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">dns=no</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">rev_dns=no</span><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">disable_tls=0</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">listen=udp:<a href="http://172.18.100.73:5060">172.18.100.73:5060</a></span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">listen=tls:<a href="http://172.18.100.73:5061">172.18.100.73:5061</a></span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">tls_verify_server=0</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">tls_verify_client=1</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">tls_require_client_certificate=1</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">tls_method=SSLv23</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">tls_private_key="/usr/local/etc/opensips/tls/user/user-privkey.pem"</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">tls_certificate="/usr/local/etc/opensips/tls/user/user-cert.pem"</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">#tls_ca_list="/usr/local/etc/opensips/tls/user/user-calist.pem"</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">mpath="/usr/local/lib/opensips/modules/"</span><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif"># default db_url to be used by modules requiring DB connection</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">db_default_url="mysql://opensips:opensipsrw@localhost/opensips"</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif" clear="all"><span style="font-family:verdana,sans-serif">Now, when I try to register a client (Jitsi), it gives the following error ... </span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: depth = 0</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: subject = /serialNumber=</span><b style="font-family:verdana,sans-serif">certificate details like Office, State etc.</b><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: verify error:num=20:unable to get local issuer certificate</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: error code is 20</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: something wrong with the cert ... error code is 20 (check x509_vfy.h)</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: verify return:0</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: WARNING:core:tls_connect: server certificate verification failed!!!</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:_tls_read: something wrong in SSL: 1</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:tls_print_errstack: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:tcp_read_req: failed to read </span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18378]: ERROR:core:_tls_read: something wrong in SSL: 1</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18378]: ERROR:core:tls_print_errstack: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18378]: ERROR:core:tcp_read_req: failed to read </span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18382]: ERROR:core:tls_shutdown: something wrong in SSL:</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:16:29 jaxtrsms /usr/local/sbin/opensips[18376]: INFO:core:probe_max_sock_buff: using snd buffer of 255 kb</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:core:tcp_blocking_connect: timeout 10 s elapsed from 10 s</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:core:tcpconn_connect: tcp_blocking_connect failed</span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:core:tcp_send: connect failed</span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:tm:msg_send: tcp_send failed</span><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">and sometimes I get the following error ...</span><br style="font-family:verdana,sans-serif"><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12483]: INFO:core:probe_max_sock_buff: using snd buffer of 512 kb </span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12474]: ERROR:core:tls_accept: some error in SSL (ret=-1, err=1, errno=0/Success): </span><br style="font-family:verdana,sans-serif">
<span style="font-family:verdana,sans-serif">Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12474]: ERROR:core:tls_print_errstack: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate </span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Please help me: is anything wrong with the configuration? Otherwise, please give guidance on configuring opensips 1.7 with TLS.</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">-- </span><br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Regards,</span><br style="font-family:verdana,sans-serif">
<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">Chandrakant Solanki</span><br style="font-family:verdana,sans-serif">
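<br style="font-family:verdana,sans-serif"><span style="font-family:verdana,sans-serif">The log in this post reports "error code is 20 (check x509_vfy.h)" and two OpenSSL error-stack codes. As an added example (not part of the original post and not OpenSIPS code), this Python script parses such lines, looks up the verify code, and unpacks the error-stack codes to tell a TLS alert sent by the peer from a failure raised locally. It assumes the pre-3.0 OpenSSL packed error-code layout; the names unpack_err and triage are hypothetical.</span><br style="font-family:verdana,sans-serif">

```python
import re

# Lines copied from the log in the post above.
LOG = """\
Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: verify error:num=20:unable to get local issuer certificate
Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:tls_print_errstack: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12474]: ERROR:core:tls_print_errstack: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
"""
# Subset of the X509_V_ERR_* values defined in OpenSSL's x509_vfy.h.
X509_V_ERR = {10: "CERT_HAS_EXPIRED", 18: "DEPTH_ZERO_SELF_SIGNED_CERT", 19: "SELF_SIGNED_CERT_IN_CHAIN",
              20: "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", 21: "UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
# Subset of TLS alert descriptions (RFC 5246).
TLS_ALERT = {40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
             48: "unknown_ca", 70: "protocol_version"}
LINE = re.compile(r"opensips\[(?P<pid>\d+)\]: (?P<level>\w+):(?P<mod>\w+):(?P<func>\w+): (?P<msg>.*)")
VERIFY = re.compile(r"verify error:num=(\d+):")
ERRSTACK = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def unpack_err(code):
    """Split a pre-3.0 OpenSSL packed error code: 8 bits lib, 12 bits func, 12 bits reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    """Return (pid, kind, number, name) for each TLS failure found in OpenSIPS syslog text."""
    findings = []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        v = VERIFY.search(msg)
        if v:
            num = int(v.group(1))
            findings.append((pid, "x509", num, "X509_V_ERR_" + X509_V_ERR.get(num, "UNKNOWN")))
        e = ERRSTACK.search(msg)
        if e:
            lib, func, reason = unpack_err(int(e.group(1), 16))
            # In the SSL library (lib 20), a reason >= 1000 is 1000 + the alert number the peer sent.
            if lib == 20 and reason >= 1000:
                alert = reason - 1000
                findings.append((pid, "alert-from-peer", alert, TLS_ALERT.get(alert, "unknown")))
            else:
                findings.append((pid, "local-ssl-error", reason, e.group(4).strip()))
    return findings

if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding)
```

The "alert-from-peer" result means the remote endpoint rejected the handshake and said why, while "local-ssl-error" and "x509" results come from checks made by the OpenSSL library inside the logging process.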