<div dir="ltr"><font face="arial, helvetica, sans-serif">Hi,</font><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">You are getting the message "<span style="color:rgb(0,0,0);white-space:pre-wrap">self signed certificate in certificate chain" because you haven't included your server's root certificate in the command, with either -CApath or -CAfile option, for example add the following to the command: </span><span style="white-space:inherit;background-color:rgb(238,238,238)">-CApath /etc/ssl/certs</span></font></div><div><span style="white-space:inherit;background-color:rgb(255,255,255)"><font face="arial, helvetica, sans-serif"><br></font></span></div><div><span style="white-space:inherit;background-color:rgb(255,255,255)"><font face="arial, helvetica, sans-serif">Then the response you receive should look like the following:</font></span></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><div><font face="arial, helvetica, sans-serif">Start Time: 1438129754</font></div><div><font face="arial, helvetica, sans-serif">Timeout : 300 (sec)</font></div><div><font face="arial, helvetica, sans-serif">Verify return code: 0 (ok)</font></div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 28 July 2015 at 20:12, Rodrigo Pimenta Carvalho <span dir="ltr"><<a href="mailto:pimenta@inatel.br" target="_blank">pimenta@inatel.br</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi.</p>
<p>I have followed the tutorial about setting up the TLS. ( <a href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1" target="_blank">
http://www.opensips.org/Documentation/Tutorials-TLS-2-1</a> ). Then, I have run the command: "</p>
<pre>openssl s_client -showcerts -debug -connect <your-ip-address>:<port> -no_ssl2 -bugs", to test the handshake.<br><br>But, what is an example of result for this command, telling me that everything is ok?<br><br>I got:<br><br>CONNECTED(00000003)<br>...<br>...<br>...<br>verify error:num=19:self signed certificate in certificate chain<br>verify return:0<br>..<br>..<br>..<br>---<br>No client certificate CA names sent<br>---<br>SSL handshake has read 1567 bytes and written 285 bytes<br>---<br>New, TLSv1/SSLv3, Cipher is AES256-SHA<br>Server public key is 2048 bit<br>Secure Renegotiation IS supported<br>Compression: NONE<br>Expansion: NONE<br>SSL-Session:<br> Protocol : TLSv1<br> Cipher : AES256-SHA<br> Session-ID: <br> Session-ID-ctx: <br> Master-Key: 90D6174E13EFDF2317B8F24D0AEBC5A56C3633D7DFC1BF8ADF186672CD9F26B5D812BE595775DFE6416C31DDE736D217<br> Key-Arg : None<br> PSK identity: None<br> PSK identity hint: None<br> SRP username: None<br> Start Time: 1438110339<br> Timeout : 300 (sec)<br> Verify return code: 19 (self signed certificate in certificate chain)<br><br>So, did the handshake work? If not, what might be wrong?<br>Any hint will be very helpful! <br><br>Best Regards.<span class="HOEnZb"><font color="#888888"><br><br></font></span></pre><span class="HOEnZb"><font color="#888888">
<p><br>
</p>
<div>
<div name="divtagdefaultwrapper">
<div><font size="2">
<div>RODRIGO PIMENTA CARVALHO<br>
Inatel Competence Center<br>
Software<br>
Ph: <a href="tel:%2B55%2035%203471%209200" value="+553534719200" target="_blank">+55 35 3471 9200</a> RAMAL 979<br>
</div>
</font></div>
</div>
</div>
</font></span></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>