<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Hi,<br><br>
I have OpenSIPS 1.6.4-tls with TLS configuration in my opensips.cfg; it is working correctly with my Cisco SIP phones.<br><br><br>
/* uncomment the following lines to enable TLS support (default off) */<br>
disable_tls = no<br>
listen = tls:192.168.1.1:1234<br>
tls_verify_server = 1<br>
tls_verify_client = 0<br>
tls_require_client_certificate = 0<br>
tls_method = SSLv23<br>
# tls_method = TLSv1<br>
tls_certificate = "/usr/local/opensips/etc/tls/user/user-cert.pem"<br>
tls_private_key = "/usr/local/opensips/etc/tls/user/user-privkey.pem"<br>
tls_ca_list = "/usr/local/opensips/etc/tls/user/user-calist.pem"<br><br><br>
I want to use Bria softphones but I can't register them. Then I generated new self-signed certificates and loaded them on my PC, but I don't know if it is configured correctly. I have done this:<br><br>
First I configured /usr/local/opensips/etc/tls/ca.conf and /usr/local/opensips/etc/tls/user.conf<br><br><br>
In ca.conf I have rewritten:<br><br>
[ root_ca_distinguished_name ]<br>
commonName = 192.168.1.1:1234 # please update<br>
stateOrProvinceName = Your_STATE # please update<br>
countryName = CO # please update<br>
emailAddress = YOUR_EMAIL # please update<br>
organizationName = YOUR_ORG_NAME # please update<br><br><br>
And in user.conf I have rewritten:<br><br>
[ req ]<br>
prompt = no<br>
distinguished_name = server_distinguished_name<br>
[ server_distinguished_name ]<br>
commonName = 192.168.1.1:1234 # please update<br>
stateOrProvinceName = Some State # please update<br>
countryName = XY # please update<br>
emailAddress = root@somename.somewhere.com # please update<br>
organizationName = My Large Organization Name # please update<br>
organizationalUnitName = My Subunit of Large Organization # please update<br><br><br>
Then I ran:<br><br>
# /usr/local/opensips/sbin/opensipsctl tls rootCA<br>
# /usr/local/opensips/sbin/opensipsctl tls userCERT user<br><br>
I entered the same password; this generated the folders /usr/local/opensips/etc/tls/rootCA/ and /usr/local/opensips/etc/tls/user/<br><br>
I copied the file /usr/local/opensips/etc/tls/rootCA/cacert.pem to my Windows PC and loaded it into Trusted Root Certification Authorities; it is named 192.168.1.1:1234<br><br>
Before, the error was:<br><br>
ERROR:core:tls_print_errstack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>
ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer):<br>
ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):<br><br>
Now, with this certificate:<br><br>
ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):<br>
ERROR:core:tls_print_errstack: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error<br>
ERROR:core:tls_accept: some error in SSL (ret=-1, err=5, errno=104/Connection reset by peer):<br><br>
But I have not achieved anything. What's happening? What am I doing wrong?<br><br><br>
Thanks.<br>
Regards.<br>
</div></body>
</html>