<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi.</p>
<p><br>
</p>
<p>1 - I have read and followed all the instructions on page <a href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1">
http://www.opensips.org/Documentation/Tutorials-TLS-2-1</a> . It is about how to set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But, there is no tutorial for it in version 2.2</p>
<p>2 - I have read all the instructions from page <a href="http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html">
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html</a> . This is the OpenSIPS TLS Module Guide.</p>
<p><br>
</p>
<p>3 - Considering all instructions I have learnt today, I wrote the following configuration:</p>
<p><br>
</p>
<p>----------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>loadmodule "proto_tls.so"<br>
<br>
modparam("proto_tls","verify_cert", "1")<br>
modparam("proto_tls","require_cert", "0") <br>
modparam("proto_tls","tls_method", "tlsv1") <br>
<br>
#modparam("proto_tls","certificate", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem") # This line was generated automatically, after using the make menuconfig. It works very well.<br>
#modparam("proto_tls","private_key", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem") # This line was generated automatically, after using the make menuconfig. It works very well.<br>
#modparam("proto_tls","ca_list", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem") # This line was generated automatically, after using the make menuconfig. It works very well.
<br>
<br>
<br>
modparam("proto_tls", "certificate", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.<br>
modparam("proto_tls", "private_key", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem") # File also generated by me, following the tutorial. ERROR here. What is the problem??<br>
modparam("proto_tls", "ca_list", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
<br>
modparam("proto_tls", "ca_dir", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.</p>
<p><br>
</p>
<p>----------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>4. All paths I'm using in such configuration are real and correct.</p>
<p><br>
</p>
<p>5. When I try to run the OpenSIPS, I always got the erro:</p>
<p><br>
</p>
<p><span style="color: rgb(0, 111, 201);"><span style="color: rgb(0, 111, 201);"><span style="color: rgb(0, 111, 201);">Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling compression due ZLIB problems</span></span></span></p>
<p><span style="color: rgb(255, 0, 0);">...</span></p>
<p><span style="color: rgb(255, 0, 0);">...</span></p>
<p><span style="color: rgb(255, 0, 0);">Enter passphrase for /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:</span><br style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to load private key file '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.</span></p>
<p><br>
</p>
<p>So, the file cakey.pem cann't be loaded. But, I'm running the OpenSIPS as a superuser.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p>What should I check in my files to verify whether I have made some mistake?</p>
<p>To follow the tutorial for version 2.1 and to use the version 2.2 can cause troubles? I tutorial I see "TLSv1" and in the module guide I see "tlsv1". Is the script case sensitive?<br>
</p>
<p><br>
</p>
<p>The issued file is: -rw------- 1 root root 1834 Jul 24 14:54 /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can it be owned by root user, or must be another one?</p>
<p><br>
</p>
<p>I have just googled this case and I found same problem for people who was using wrong key file, which I think is not my case.<br>
</p>
<p><br>
</p>
<p>Any hint will be very helpful!<br>
</p>
<p><br>
</p>
<p>Thanks a lot!<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">RODRIGO PIMENTA CARVALHO<br>
Inatel Competence Center<br>
Software<br>
Ph: +55 35 3471 9200 RAMAL 979<br>
</div>
</font></div>
</div>
</div>
</body>
</html>