<html><head><style id="outgoing-font-settings">#response_container_BBPPID{font-family: initial; font-size:initial; color: initial;}</style></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;" dir="auto" contenteditable="false"> <div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"> You got me there... the doc states</div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><pre class="hl" style="background-color: rgb(255, 255, 255); font-size: 10pt; font-family: "Courier New", monospace;">OpenSIPS offers SIP service for multiple
domains, e.g. atlanta.com and biloxi.com. Although both domains
will be hosted on a single SIP proxy, the SIP proxy needs 2
certificates: One for atlanta.com and one for biloxi.com. For
incoming TLS connections</pre><pre class="hl" style="background-color: rgb(255, 255, 255); font-size: 10pt; font-family: "Courier New", monospace;"><br></pre><pre class="hl" style="background-color: rgb(255, 255, 255); font-size: 10pt; font-family: "Courier New", monospace;"><span style="font-family: initial; font-size: initial;">If you need one cert per domain, maybe it implies that you need to have the domain as the CN instead of a SAN?</span></pre><pre class="hl" style="background-color: rgb(255, 255, 255); font-size: 10pt; font-family: "Courier New", monospace;"><span style="font-family: initial; font-size: initial;"><br></span></pre><pre class="hl" style="background-color: rgb(255, 255, 255); font-size: 10pt; font-family: "Courier New", monospace;"><span style="font-family: initial; font-size: initial;">Kevin </span></pre></div></div><div id="_original_msg_header_BBPPID" dir="auto"> <table width="100%" style="border-spacing: 0px; display: table; outline: none;" contenteditable="false"><tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial;"> <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, "BB Alpha Sans", "Slate Pro"; font-size: 10pt;"> <div id="from"><b>From:</b> farmorg@gmail.com</div><div id="sent"><b>Sent:</b> November 13, 2020 10:43 a.m.</div><div id="to"><b>To:</b> users@lists.opensips.org</div><div id="reply_to"><b>Reply to:</b> users@lists.opensips.org</div><div id="subject"><b>Subject:</b> Re: [OpenSIPS-Users] Teams TLS Error</div></div></td></tr></tbody></table> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div 
dir="ltr"><div dir="ltr">OK so now I have this:<br><div><br></div><div><div>modparam("tls_mgm","certificate", "[<a href="http://my.domain.name">my.domain.name</a>]/usr/local/etc/opensips/tls/<wbr><a href="http://myCert.pem">myCert.pem</a><wbr>")</div><div>modparam("tls_mgm","private_key", "[<span style="color:rgb( 0 , 0 , 0 );font-family:'-webkit-standard';font-size:medium"><a href="http://my.domain.name">my.domain.name</a></span>]/usr/local/etc/opensips/tls/<wbr><a href="http://myKey.key">myKey.key</a><wbr>")</div><div>modparam("tls_mgm","ca_dir", "/etc/ssl/certs")</div><div>modparam("tls_mgm","verify_cert", "[<span style="color:rgb( 0 , 0 , 0 );font-family:'-webkit-standard';font-size:medium"><a href="http://my.domain.name">my.domain.name</a></span>]1")</div><div>modparam("tls_mgm","require_cert", "[<span style="color:rgb( 0 , 0 , 0 );font-family:'-webkit-standard';font-size:medium"><a href="http://my.domain.name">my.domain.name</a></span>]1")</div><div>modparam("tls_mgm","tls_method", "[<span style="color:rgb( 0 , 0 , 0 );font-family:'-webkit-standard';font-size:medium"><a href="http://my.domain.name">my.domain.name</a></span>]TLSv1_2")</div><div>modparam("tls_mgm", "match_sip_domain", "<span style="color:rgb( 0 , 0 , 0 );font-family:'-webkit-standard';font-size:medium"><a href="http://my.domain.name">my.domain.name</a></span>")</div></div><div><br></div><div>But now it claims that <a href="http://my.domain.name">my.domain.name</a> is not defined in <wbr><a href="http://myCert.pem">myCert.pem</a><wbr></div><div>I know it is - it is in a SAN within the certificate.</div><div><br></div><div>Any suggestions?</div><div>Many thanks</div><div>Mark.</div><div><br></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 13 Nov 2020 at 15:12, Kevin Vines <<a href="mailto:kevin.vines@gmail.com">kevin.vines@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb( 204 , 204 , 204 );padding-left:1ex"><div style="background-color:rgb( 255 , 255 , 255 )"><div id="gmail-m_9038209434663990990response_container_BBPPID" style="outline:none" dir="auto"> <div id="gmail-m_9038209434663990990BB10_response_div_BBPPID" dir="auto" style="width:100%"> Hi Mark,</div><div id="gmail-m_9038209434663990990BB10_response_div_BBPPID" dir="auto" style="width:100%"><br></div><div id="gmail-m_9038209434663990990BB10_response_div_BBPPID" dir="auto" style="width:100%">Based on some googling it looks like you need to specify the domain eg:</div><div id="gmail-m_9038209434663990990BB10_response_div_BBPPID" dir="auto" style="width:100%"><br></div><div id="gmail-m_9038209434663990990BB10_response_div_BBPPID" dir="auto" style="width:100%">modparam("tls_mgm","verify_cert", "[<a href="http://domain.com">domain.com</a>]1")</div> <div id="gmail-m_9038209434663990990response_div_spacer_BBPPID" dir="auto" style="width:100%"> <br></div><div id="gmail-m_9038209434663990990response_div_spacer_BBPPID" dir="auto" style="width:100%"><a href="https://fossies.org/linux/opensips/modules/tls_mgm/README">https://fossies.org/linux/opensips/modules/tls_mgm/README</a></div> <div id="gmail-m_9038209434663990990blackberry_signature_BBPPID" dir="auto"> <div id="gmail-m_9038209434663990990_signaturePlaceholder_BBPPID" dir="auto"><p dir="ltr">Kevin <br></p></div> </div></div><div id="gmail-m_9038209434663990990_original_msg_header_BBPPID" dir="auto"> <table id="gmail-m_9038209434663990990_pHCWrapper_BBPPID" width="100%" style="border-spacing:0px;display:table;outline:none"><tbody><tr><td colspan="2"> <div style="border-style:solid none none;border-top-width:1pt;border-top-color:rgb( 181 , 196 , 223 );padding:3pt 0in 0in;font-family:'tahoma' , 'bb alpha sans' , 'slate pro';font-size:10pt"> <div id="gmail-m_9038209434663990990from"><b>From:</b> <a href="mailto:farmorg@gmail.com">farmorg@gmail.com</a></div><div 
id="gmail-m_9038209434663990990sent"><b>Sent:</b> November 13, 2020 9:49 a.m.</div><div id="gmail-m_9038209434663990990to"><b>To:</b> <a href="mailto:users@lists.opensips.org">users@lists.opensips.org</a></div><div id="gmail-m_9038209434663990990reply_to"><b>Reply to:</b> <a href="mailto:users@lists.opensips.org">users@lists.opensips.org</a></div><div id="gmail-m_9038209434663990990subject"><b>Subject:</b> [OpenSIPS-Users] Teams TLS Error</div></div></td></tr></tbody></table> <br> </div><div dir="auto" style="outline:none"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi everyone<br><div dir="ltr"></div><div><br></div><div>OpenSIPS 3.1.0</div><div><br></div><div>I am following the OpenSIPS as Teams SBC guide and have added the TLS config:</div><div><br></div><div><div>modparam("tls_mgm","verify_cert", "1")</div><div>modparam("tls_mgm","require_cert", "1")</div><div>modparam("tls_mgm","tls_method", "TLSv1_2")</div><div>modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/<a href="http://myCert.pem">myCert.pem</a>")</div><div>modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/<a href="http://myKey.key">myKey.key</a>")</div><div>modparam("tls_mgm", "ca_dir", "/etc/ssl/certs")</div></div><div><br></div><div>But I am seeing a TLS domain error:</div><div><br></div><div><div>Nov 13 14:36:50 [175314] ERROR:tls_mgm:split_param_val: No TLS domain name</div><div>Nov 13 14:36:50 [175314] Traceback (last included file at the bottom):</div><div>Nov 13 14:36:50 [175314] 0. 
/usr/local//etc/opensips/<a href="http://opensips.cfg">opensips.cfg</a></div><div>Nov 13 14:36:50 [175314] CRITICAL:core:yyerror: parse error in /usr/local//etc/opensips/<a href="http://opensips.cfg:191">opensips.cfg:191</a>:19-20: Parameter <verify_cert> not found in module <tls_mgm> - can't set</div><div>Nov 13 14:36:50 [175314] #modparam("tls_mgm", "require_cert", "[dom4]1")</div><div>Nov 13 14:36:50 [175314]</div><div>Nov 13 14:36:50 [175314] modparam("tls_mgm","verify_cert", "1")</div><div>Nov 13 14:36:50 [175314] ^~</div><div>Nov 13 14:36:50 [175314] modparam("tls_mgm","require_cert", "1")</div><div>Nov 13 14:36:50 [175314] modparam("tls_mgm","tls_method", "TLSv1_2")</div><div>Nov 13 14:36:50 [175314] DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm</div><div>Nov 13 14:36:50 [175314] DBG:core:set_mod_param_regex: found <require_cert> in module tls_mgm [/usr/local/lib64/opensips/modules/]</div><div>Nov 13 14:36:50 [175314] ERROR:tls_mgm:split_param_val: No TLS domain name</div></div><div><br></div><div>Can anyone tell me what I might be missing please?</div><div><br></div><div>Many thanks</div><div>Mark.</div><div><br></div></div></div></div>
</div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Mark Farmer<br><a href="mailto:farmorg@gmail.com">farmorg@gmail.com</a></div>
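<div>Whether the certificate itself covers the hostname, and whether that comes from a SAN or only from the CN, can be checked outside OpenSIPS with the openssl CLI. The script below is an added example, not part of the thread or the OpenSIPS documentation; the function names, the throwaway self-signed certificates and the example.test hostnames are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI, 1.1.1 or newer.

# make_cert OUT CN [SAN]: constructed self-signed test certificate.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        ${3:+-addext "subjectAltName=$3"} \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# cert_name_source CERT HOST: prints san, cn or none.
cert_name_source() {
    # -checkhost applies OpenSSL's own hostname matching (wildcards included).
    if ! openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
        echo none
        return 0
    fi
    # When any SAN dNSName exists, OpenSSL ignores the CN, so a match here
    # can only have come from the SAN.
    if openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | grep -q 'DNS:'; then
        echo san
    else
        echo cn
    fi
}

# Three constructed cases checked against the hostname used in the thread.
demo() {
    d=$(mktemp -d)
    make_cert "$d/cn_only.pem" my.domain.name
    make_cert "$d/san.pem" proxy.example.test "DNS:my.domain.name,DNS:other.example.test"
    make_cert "$d/san_miss.pem" my.domain.name "DNS:other.example.test"
    for c in cn_only san san_miss; do
        printf '%s=%s\n' "$c" "$(cert_name_source "$d/$c.pem" my.domain.name)"
    done
    rm -rf "$d"
}

demo
```

<div>The third case shows a certificate whose CN is the hostname but whose SAN list omits it: OpenSSL reports no match, because the CN is only consulted when the certificate has no SAN dNSName entries.</div>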
<!--end of _originalContent --></div></body></html>