<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi John,</p>
<p>You are probably looking over the documentation for the wrong
OpenSIPS version. The issues that you've mentioned appear in the
2.2 docs.<br>
</p>
<p>The 2.4 docs should mostly cover your questions, but
nevertheless:<br>
</p>
<p>a) The domain field is only an identifier for the virtual TLS
domain, but for default domains, indeed there is a special value,
'default'.</p>
<p>b) * address - same meaning as the IP:port part of the
'server_domain' parameter</p>
<p> * type - TLS client(1) or server(2) domain and 0 for defining
both a client and server default domain with the same attributes</p>
<p> * crl_check_all - check all files in the 'crl_dir'</p>
<p> * crl_dir - path to directory containing Certificate
Revocation Lists</p>
<p>c) Both DB and script domains can be defined at the same time,
but they should be seen as different sets of domains, so you
should set a modparam only for a script defined domain.</p>
<p>The blob database fields indeed should contain the contents of
the certificates.</p>
<p>Regards,<br>
</p>
<pre class="moz-signature" cols="72">Vlad Patrascu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 08/01/2018 06:55 PM, John Quick
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:000f01d429b0$08ab1640$1a0142c0$@smartvox.co.uk">
<pre wrap="">Hi Bogdan,
Thanks for your response to my earlier query.
I'm now trying to convert from modparam based definitions to provisioning
certs from the DB.
I cannot find a published example of a populated DB record in the tls_mgm
table.
Furthermore, the online documentation has gaps regarding DB Provisioning and
it also contains this error:
Section 1.7.14 describes a parameter db_mode, but if you try adding this it
generates an error "parameter &lt;db_mode&gt; not found in module"
Can you please help with an example record or at least answer these
questions:
a) What to put in the 'domain' field if I only want to set up one default
domain. Should it be "default"?
b) What are the following fields. I am not sure what they should contain:
'address', 'type', 'crl_check_all', 'crl_dir'
c) How does provisioning from DB interact with provisioning from static
modparam values?
I got errors when I commented out modparam statements for "certificate" and
"private_key" because the module was still looking for the "default" files,
even though I am now provisioning from the DB. This means there is now
ambiguity - certificates are defined both in files in modparam and also in
blob fields in the DB.
I assume the blob fields 'certificate', 'private_key' and 'ca_list' must
contain the contents of the certificate, not the path to the file.
This means I'll need to write a script to copy these data from the renewed
LetsEncrypt certificates before issuing the MI reload command.
By the way, the online module documentation for tls_mgm has a duplicate
section - 1.7.18 is same as 1.7.19
John Quick
Smartvox Limited
</pre>
<blockquote type="cite">
<pre wrap="">Bogdan-Andrei Iancu bogdan at opensips.org
Thu Jul 26 07:56:18 EDT 2018
Hi John, When the cert is configured via modparam, the cert is loaded on
startup by OpenSIPS, so any renewal of the cert will have 0 impact on
OpenSIPS - so you will have to restart after each renewal.
I suggest you to provision the certs via DB (and not script), so you can
do a reload after renewal, with any need to restart opensips.
Regards, Bogdan-Andrei Iancu
</pre>
</blockquote>
</blockquote>
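<p>The copy step discussed in this thread (PEM contents, not file paths, written into the 'certificate', 'private_key' and 'ca_list' blob fields of tls_mgm), sketched as an added example that is not part of the original e-mails and not OpenSIPS code. Assumptions: an in-memory SQLite table stands in for the real database and holds only the columns named in the thread, and every function name is hypothetical.</p>
<pre>
```python
import base64
import re
import sqlite3

# One PEM block; the label must be repeated on the END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\n([A-Za-z0-9+/=\n]+)-----END \1-----\s*")
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_blob(text, allowed_labels):
    """Return text as bytes only if it is made up entirely of allowed PEM blocks."""
    pos = 0
    for m in PEM_BLOCK.finditer(text):
        if m.start() != pos or m.group(1) not in allowed_labels:
            break
        base64.b64decode(m.group(2).replace("\n", ""), validate=True)
        pos = m.end()
    if pos == 0 or pos != len(text):
        raise ValueError("not PEM content (a file path or truncated file?)")
    return text.encode("ascii")

def update_domain(db, domain, cert_pem, key_pem, ca_pem):
    """Validate all three values first, then replace the blobs in one transaction."""
    cert = pem_blob(cert_pem, {"CERTIFICATE"})
    key = pem_blob(key_pem, KEY_LABELS)
    ca = pem_blob(ca_pem, {"CERTIFICATE"})
    with db:  # commit on success, roll back if anything below raises
        cur = db.execute(
            "UPDATE tls_mgm SET certificate = ?, private_key = ?, ca_list = ? "
            "WHERE domain = ?", (cert, key, ca, domain))
        if cur.rowcount != 1:
            raise LookupError(f"expected one row for domain {domain!r}")
    return cur.rowcount

def constructed_pem(label, raw):
    """Build a placeholder PEM block (constructed sample, not real key material)."""
    body = base64.encodebytes(raw).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

def make_db():
    """In-memory stand-in for tls_mgm with only the columns named in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tls_mgm (domain TEXT, address TEXT, type INTEGER,"
               " crl_check_all INTEGER, crl_dir TEXT,"
               " certificate BLOB, private_key BLOB, ca_list BLOB)")
    db.execute("INSERT INTO tls_mgm (domain, type) VALUES ('default', 0)")
    db.commit()
    return db
```
</pre>
<p>Because validation runs before the transaction opens, a bad renewal file leaves the previous blobs in place; the MI reload command is issued only after the update has committed.</p>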
<br>
</body>
</html>