<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="monospace">Hi Rodrigo,<br>
<br>
Could you try to decrypt the key manually (i.e. remove the
passphrase), and use the resulting key in OpenSIPS? You can use
the following example:</font><font face="monospace"><font
face="monospace"></font></font><br>
<br>
<font face="monospace"><font face="monospace">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
</font></font>
<pre style="box-sizing: border-box; overflow: auto; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; display: block; padding: 9.5px; margin: 0px 0px 10px; line-height: 1.42857143; word-break: break-all; word-wrap: break-word; color: rgb(51, 51, 51); border: 1px solid rgb(204, 204, 204); border-radius: 4px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(245, 245, 245);"><font face="monospace">cp your_key </font><font face="monospace"><font face="monospace">your_key.bak</font></font>
openssl rsa -in <font face="monospace">your_key</font> -out new_key</pre>
<font face="monospace"><font face="monospace">If this works for you,
could you please open a GitHub ticket? Many thanks!<br>
<br>
</font>Best regards,<br>
</font>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 28.07.2015 00:34, Rodrigo Pimenta
Carvalho wrote:<br>
</div>
<blockquote cite="mid:1438032851331.56701@inatel.br" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
<p>Hi.</p>
<p><br>
</p>
<p>1 - I have read and followed all the instructions on page <a
moz-do-not-send="true"
href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1">
http://www.opensips.org/Documentation/Tutorials-TLS-2-1</a> .
It is about how to set up TLS in OpenSIPS 2.1. Good tutorial for
beginners. But, there is no tutorial for it in version 2.2</p>
<p>2 - I have read all the instructions from page <a
moz-do-not-send="true"
href="http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html">
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html</a> .
This is the OpenSIPS TLS Module Guide.</p>
<p><br>
</p>
<p>3 - Considering all instructions I have learnt today, I wrote
the following configuration:</p>
<p><br>
</p>
<p>----------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>loadmodule "proto_tls.so"<br>
<br>
modparam("proto_tls","verify_cert", "1")<br>
modparam("proto_tls","require_cert",
"0") <br>
modparam("proto_tls","tls_method", "tlsv1") <br>
<br>
#modparam("proto_tls","certificate",
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# This line was generated automatically, after using
the make menuconfig. It works very well.<br>
#modparam("proto_tls","private_key",
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")
# This line was generated automatically, after using the
make menuconfig. It works very well.<br>
#modparam("proto_tls","ca_list",
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")
# This line was generated automatically, after using the make
menuconfig. It works very well.
<br>
<br>
<br>
modparam("proto_tls", "certificate",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")
# I want to use the files generated by me,
following the tutorial on how to set up TLS. No problem here.<br>
modparam("proto_tls", "private_key",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")
# File also generated by me, following the tutorial.
ERROR here. What is the problem??<br>
modparam("proto_tls", "ca_list",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")
# I want to use the files generated by me, following the
tutorial on how to set up TLS. No problem here.
<br>
modparam("proto_tls", "ca_dir",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/")
# I want to use the files generated by
me, following the tutorial on how to set up TLS. No problem
here.</p>
<p><br>
</p>
<p>----------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>4. All paths I'm using in such configuration are real and
correct.</p>
<p><br>
</p>
<p>5. When I try to run the OpenSIPS, I always got the erro:</p>
<p><br>
</p>
<p><span style="color: rgb(0, 111, 201);"><span style="color:
rgb(0, 111, 201);"><span style="color: rgb(0, 111, 201);">Jul
27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling
compression due ZLIB problems</span></span></span></p>
<p><span style="color: rgb(255, 0, 0);">...</span></p>
<p><span style="color: rgb(255, 0, 0);">...</span></p>
<p><span style="color: rgb(255, 0, 0);">Enter passphrase for
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:</span><br
style="color: rgb(255, 0, 0);">
<span style="color: rgb(255, 0, 0);">Jul 27 18:02:02 [13783]
ERROR:proto_tls:load_private_key: unable to load private key
file
'/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.</span></p>
<p><br>
</p>
<p>So, the file cakey.pem cann't be loaded. But, I'm running the
OpenSIPS as a superuser.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p>What should I check in my files to verify whether I have made
some mistake?</p>
<p>To follow the tutorial for version 2.1 and to use the version
2.2 can cause troubles? I tutorial I see "TLSv1" and in the
module guide I see "tlsv1". Is the script case sensitive?<br>
</p>
<p><br>
</p>
<p>The issued file is: -rw------- 1 root root 1834 Jul 24 14:54
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can
it be owned by root user, or must be another one?</p>
<p><br>
</p>
<p>I have just googled this case and I found same problem for
people who was using wrong key file, which I think is not my
case.<br>
</p>
<p><br>
</p>
<p>Any hint will be very helpful!<br>
</p>
<p><br>
</p>
<p>Thanks a lot!<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">RODRIGO PIMENTA CARVALHO<br>
Inatel Competence Center<br>
Software<br>
Ph: +55 35 3471 9200 RAMAL 979<br>
</div>
</font></div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>