<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Usually between 7 - 14 days, with the occasional exceptions.</tt><br>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 28.07.2015 16:42, Rodrigo Pimenta
Carvalho wrote:<br>
</div>
<blockquote cite="mid:1438090965551.13708@inatel.br" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} p
{margin-top:0;
margin-bottom:0}p
{margin-top:0;
margin-bottom:0}--></style>
<p>Hi Liviu.</p>
<p><br>
</p>
<p>I have just investigated a bit more about the issue.</p>
<p><br>
</p>
<p>The problem is related to the creation of the files (following
the tutorial on page
<a moz-do-not-send="true"
href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1">http://www.opensips.org/Documentation/Tutorials-TLS-2-1).</a> There
is no problem to read the files (read CAKey or cert files)</p>
<p>I have concluded it because I replaced the OpenSIPS certificate
files by others that I had generated in 2014 using another
tutorial.</p>
<p><br>
</p>
<p>Ok. I will <font face="monospace"><font face="monospace">open
a GitHub ticket</font></font> now.</p>
<p><br>
</p>
<p>We are working in a project that will have to use OpenSIPS 2.2.
Do you know, in an average, how long does it take to have a new
ticket solved and closed?
<br>
</p>
<p><br>
</p>
<p>Thank you very much for pointing the way of opening a Github
ticket!</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">RODRIGO PIMENTA CARVALHO<br>
Inatel Competence Center<br>
Software<br>
Ph: +55 35 3471 9200 RAMAL 979<br>
</div>
</font></div>
</div>
</div>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
color="#000000" face="Calibri, sans-serif"><b>De:</b>
<a class="moz-txt-link-abbreviated" href="mailto:users-bounces@lists.opensips.org">users-bounces@lists.opensips.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:users-bounces@lists.opensips.org"><users-bounces@lists.opensips.org></a> em nome de Liviu
Chircu <a class="moz-txt-link-rfc2396E" href="mailto:liviu@opensips.org"><liviu@opensips.org></a><br>
<b>Enviado:</b> terça-feira, 28 de julho de 2015 10:30<br>
<b>Para:</b> <a class="moz-txt-link-abbreviated" href="mailto:users@lists.opensips.org">users@lists.opensips.org</a><br>
<b>Assunto:</b> Re: [OpenSIPS-Users] Unable to load my
private key file (TLS) in OpenSIPS 2.2. What should I check?
Default example worked.</font>
<div> </div>
</div>
<div><tt>Hi Rodrigo,<br>
<br>
It's just a web portal, you can find it here [1]. Register a
new account, open a new issue, describe/explain it as best
as you can, and we'll do our best to have it fixed and
buried! Many thanks!<br>
<br>
[1]: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug">https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug</a><br>
<br>
Best regards,<br>
</tt>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 28.07.2015 15:56, Rodrigo
Pimenta Carvalho wrote:<br>
</div>
<blockquote type="cite">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<p>Hi Liviu.</p>
<p><br>
</p>
<p>Your hint has worked.</p>
<p>So, could you send me the instructions on how to <font
face="monospace"><font face="monospace">open a GitHub
ticket</font></font>? I still don't know how to open
this, because I'm new on Git.</p>
<p>While you send me the instructions, I will try to use old
certificate files that I have since 2014, just to see if
the issue is about reading or creating the files via
OpenSIPS.<br>
</p>
<p><br>
</p>
<p>Many thanks. <br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">RODRIGO PIMENTA CARVALHO<br>
Inatel Competence Center<br>
Software<br>
Ph: +55 35 3471 9200 RAMAL 979<br>
</div>
</font></div>
</div>
</div>
<div style="color:rgb(33,33,33)">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" color="#000000" face="Calibri,
sans-serif"><b>De:</b>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:users-bounces@lists.opensips.org">
users-bounces@lists.opensips.org</a> <a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:users-bounces@lists.opensips.org">
<users-bounces@lists.opensips.org></a> em nome
de Liviu Chircu <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:liviu@opensips.org">
<liviu@opensips.org></a><br>
<b>Enviado:</b> terça-feira, 28 de julho de 2015 02:54<br>
<b>Para:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:users@lists.opensips.org">
users@lists.opensips.org</a><br>
<b>Assunto:</b> Re: [OpenSIPS-Users] Unable to load my
private key file (TLS) in OpenSIPS 2.2. What should I
check? Default example worked.</font>
<div> </div>
</div>
<div><font face="monospace">Hi Rodrigo,<br>
<br>
Could you try to decrypt the key manually (i.e. remove
the passphrase), and use the resulting key in
OpenSIPS? You can use the following example:</font><br>
<br>
<pre style="overflow:auto; font-family:Menlo,Monaco,Consolas,'Courier New',monospace; font-size:13px; display:block; padding:9.5px; margin:0px 0px 10px; line-height:1.42857143; word-break:break-all; word-wrap:break-word; color:rgb(51,51,51); border:1px solid rgb(204,204,204); font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; widows:1; word-spacing:0px; background-color:rgb(245,245,245)"><font face="monospace">cp your_key </font><font face="monospace"><font face="monospace">your_key.bak</font></font>
openssl rsa -in <font face="monospace">your_key</font> -out new_key</pre>
<font face="monospace"><font face="monospace">If this
works for you, could you please open a GitHub
ticket? Many thanks!<br>
<br>
</font>Best regards,<br>
</font>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 28.07.2015 00:34,
Rodrigo Pimenta Carvalho wrote:<br>
</div>
<blockquote type="cite">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<p>Hi.</p>
<p><br>
</p>
<p>1 - I have read and followed all the instructions
on page <a moz-do-not-send="true"
href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1">
http://www.opensips.org/Documentation/Tutorials-TLS-2-1</a> . It is
about how to set up TLS in OpenSIPS 2.1.
Good tutorial for beginners. But, there is no
tutorial for it in version 2.2</p>
<p>2 - I have read all the instructions from page <a
moz-do-not-send="true"
href="http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html">
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html</a> .
This is the OpenSIPS TLS Module Guide.</p>
<p><br>
</p>
<p>3 - Considering all instructions I have learnt
today, I wrote the following configuration:</p>
<p><br>
</p>
<p>----------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>loadmodule "proto_tls.so"<br>
<br>
modparam("proto_tls","verify_cert", "1")<br>
modparam("proto_tls","require_cert",
"0") <br>
modparam("proto_tls","tls_method", "tlsv1") <br>
<br>
#modparam("proto_tls","certificate",
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# This line was generated automatically,
after using the make menuconfig. It works very well.<br>
#modparam("proto_tls","private_key",
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")
# This line was generated automatically, after
using the make menuconfig. It works very well.<br>
#modparam("proto_tls","ca_list",
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")
# This line was generated automatically, after using
the make menuconfig. It works very well.
<br>
<br>
<br>
modparam("proto_tls", "certificate",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")
# I want to use the files generated
by me, following the tutorial on how to set up TLS.
No problem here.<br>
modparam("proto_tls", "private_key",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")
# File also generated by me, following the
tutorial. ERROR here. What is the problem??<br>
modparam("proto_tls", "ca_list",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")
# I want to use the files generated by me, following
the tutorial on how to set up TLS. No problem here.
<br>
modparam("proto_tls", "ca_dir",
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/")
# I want to use the files
generated by me, following the tutorial on how to
set up TLS. No problem here.</p>
<p><br>
</p>
<p>----------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>4. All paths I'm using in such configuration are
real and correct.</p>
<p><br>
</p>
<p>5. When I try to run the OpenSIPS, I always got the
erro:</p>
<p><br>
</p>
<p><span style="color:rgb(0,111,201)"><span
style="color:rgb(0,111,201)"><span
style="color:rgb(0,111,201)">Jul 27 18:02:02
[13783] WARNING:proto_tls:mod_init: disabling
compression due ZLIB problems</span></span></span></p>
<p><span style="color:rgb(255,0,0)">...</span></p>
<p><span style="color:rgb(255,0,0)">...</span></p>
<p><span style="color:rgb(255,0,0)">Enter passphrase
for
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:</span><br
style="color:rgb(255,0,0)">
<span style="color:rgb(255,0,0)">Jul 27 18:02:02
[13783] ERROR:proto_tls:load_private_key: unable
to load private key file
'/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.</span></p>
<p><br>
</p>
<p>So, the file cakey.pem cann't be loaded. But, I'm
running the OpenSIPS as a superuser.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p>What should I check in my files to verify whether
I have made some mistake?</p>
<p>To follow the tutorial for version 2.1 and to use
the version 2.2 can cause troubles? I tutorial I see
"TLSv1" and in the module guide I see "tlsv1". Is
the script case sensitive?<br>
</p>
<p><br>
</p>
<p>The issued file is: -rw------- 1 root root 1834 Jul
24 14:54
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem.
Can it be owned by root user, or must be another
one?</p>
<p><br>
</p>
<p>I have just googled this case and I found same
problem for people who was using wrong key file,
which I think is not my case.<br>
</p>
<p><br>
</p>
<p>Any hint will be very helpful!<br>
</p>
<p><br>
</p>
<p>Thanks a lot!<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">RODRIGO PIMENTA
CARVALHO<br>
Inatel Competence Center<br>
Software<br>
Ph: +55 35 3471 9200 RAMAL 979<br>
</div>
</font></div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>