<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Mark,</p>
<p>Can you post the actual errors that you get in the OpenSIPS logs,
if that is the case?</p>
<p>Regards,</p>
<pre class="moz-signature" cols="72">--
Vlad Patrascu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 16.11.2020 11:04, Mark Farmer wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOvQDet9Mu9OXHcw1x236kUWkSvJnv+q0G52_fqo7BkaraPG2A@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Good morning all
<div><br>
</div>
<div>Can anyone clarify whether the TLS domain in SAN is
supported or not please?</div>
<div><br>
</div>
<div>Many thanks</div>
<div>Mark.</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, 13 Nov 2020 at 15:59,
Kevin Vines <<a href="mailto:kevin.vines@gmail.com"
moz-do-not-send="true">kevin.vines@gmail.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div
style="background-color:rgb(255,255,255);line-height:initial">
<div
id="gmail-m_8643232066864092418response_container_BBPPID"
style="outline:none" dir="auto">
<div name="BB10"
id="gmail-m_8643232066864092418BB10_response_div_BBPPID"
dir="auto" style="width:100%"> You got me there... the
doc states</div>
<div name="BB10"
id="gmail-m_8643232066864092418BB10_response_div_BBPPID"
dir="auto" style="width:100%"><br>
</div>
<div name="BB10"
id="gmail-m_8643232066864092418BB10_response_div_BBPPID"
dir="auto" style="width:100%">
<pre style="background-color:rgb(255,255,255);font-size:10pt;font-family:"Courier New",monospace">OpenSIPS offers SIP service for multiple
<span id="gmail-m_8643232066864092418l_219" style="color:rgb(85,85,85)"> 219 </span> domains, e.g. <a href="http://atlanta.com" target="_blank" moz-do-not-send="true">atlanta.com</a> and <a href="http://biloxi.com" target="_blank" moz-do-not-send="true">biloxi.com</a>. Altough both domains
<span id="gmail-m_8643232066864092418l_220" style="color:rgb(85,85,85)"> 220 </span> will be hosted on a single SIP proxy, the SIP proxy needs 2
<span id="gmail-m_8643232066864092418l_221" style="color:rgb(85,85,85)"> 221 </span> certificates: One for <a href="http://atlanta.com" target="_blank" moz-do-not-send="true">atlanta.com</a> and one for <a href="http://biloxi.com" target="_blank" moz-do-not-send="true">biloxi.com</a>. For
<span id="gmail-m_8643232066864092418l_222" style="color:rgb(85,85,85)"> 222 </span> incoming TLS connections</pre>
<pre style="background-color:rgb(255,255,255);font-size:10pt;font-family:"Courier New",monospace">
</pre>
<pre style="background-color:rgb(255,255,255);font-size:10pt;font-family:"Courier New",monospace"><span style="font-family:initial;font-size:initial">If you need one cert per domain, maybe it implies that you need to have the domain as the CN instead of a SAN?</span></pre>
<pre style="background-color:rgb(255,255,255);font-size:10pt;font-family:"Courier New",monospace"><span style="font-family:initial;font-size:initial">
</span></pre>
<pre style="background-color:rgb(255,255,255);font-size:10pt;font-family:"Courier New",monospace"><span style="font-family:initial;font-size:initial">Kevin </span></pre>
</div>
</div>
<div
id="gmail-m_8643232066864092418_original_msg_header_BBPPID"
dir="auto">
<table
style="border-spacing:0px;display:table;outline:none"
width="100%">
<tbody>
<tr>
<td colspan="2"
style="font-size:initial;text-align:initial">
<div style="border-style:solid none
none;border-top-width:1pt;border-top-color:rgb(181,196,223);padding:3pt
0in 0in;font-family:Tahoma,"BB Alpha
Sans","Slate Pro";font-size:10pt">
<div id="gmail-m_8643232066864092418from"><b>From:</b>
<a href="mailto:farmorg@gmail.com"
target="_blank" moz-do-not-send="true">farmorg@gmail.com</a></div>
<div id="gmail-m_8643232066864092418sent"><b>Sent:</b>
November 13, 2020 10:43 a.m.</div>
<div id="gmail-m_8643232066864092418to"><b>To:</b>
<a href="mailto:users@lists.opensips.org"
target="_blank" moz-do-not-send="true">users@lists.opensips.org</a></div>
<div id="gmail-m_8643232066864092418reply_to"><b>Reply
to:</b> <a
href="mailto:users@lists.opensips.org"
target="_blank" moz-do-not-send="true">users@lists.opensips.org</a></div>
<div id="gmail-m_8643232066864092418subject"><b>Subject:</b>
Re: [OpenSIPS-Users] Teams TLS Error</div>
</div>
</td>
</tr>
</tbody>
</table>
<br>
</div>
<div name="BB10" dir="auto"
style="line-height:initial;outline:none">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">OK so now I have this:<br>
<div><br>
</div>
<div>
<div>modparam("tls_mgm","certificate", "[<a
href="http://my.domain.name"
target="_blank" moz-do-not-send="true">my.domain.name</a>]/usr/local/etc/opensips/tls/<a
href="http://myCert.pem"
target="_blank" moz-do-not-send="true">myCert.pem</a>")</div>
<div>modparam("tls_mgm","private_key", "[<span
style="color:rgb(0,0,0);font-family:-webkit-standard;font-size:medium"><a
href="http://my.domain.name"
target="_blank"
moz-do-not-send="true">my.domain.name</a></span>]/usr/local/etc/opensips/tls/<a
href="http://myKey.key"
target="_blank" moz-do-not-send="true">myKey.key</a>")</div>
<div>modparam("tls_mgm","ca_dir",
"/etc/ssl/certs")</div>
<div>modparam("tls_mgm","verify_cert", "[<span
style="color:rgb(0,0,0);font-family:-webkit-standard;font-size:medium"><a
href="http://my.domain.name"
target="_blank"
moz-do-not-send="true">my.domain.name</a></span>]1")</div>
<div>modparam("tls_mgm","require_cert", "[<span
style="color:rgb(0,0,0);font-family:-webkit-standard;font-size:medium"><a
href="http://my.domain.name"
target="_blank"
moz-do-not-send="true">my.domain.name</a></span>]1")</div>
<div>modparam("tls_mgm","tls_method", "[<span
style="color:rgb(0,0,0);font-family:-webkit-standard;font-size:medium"><a
href="http://my.domain.name"
target="_blank"
moz-do-not-send="true">my.domain.name</a></span>]TLSv1_2")</div>
<div>modparam("tls_mgm",
"match_sip_domain", "<span
style="color:rgb(0,0,0);font-family:-webkit-standard;font-size:medium"><a
href="http://my.domain.name"
target="_blank"
moz-do-not-send="true">my.domain.name</a></span>")</div>
</div>
<div><br>
</div>
<div>But now it claims that <a
href="http://my.domain.name"
target="_blank" moz-do-not-send="true">my.domain.name</a>
is not defined in <a
href="http://myCert.pem" target="_blank"
moz-do-not-send="true">myCert.pem</a></div>
<div>I know it is - it is in a SAN
within the certificate.</div>
<div><br>
</div>
<div>Any suggestions?</div>
<div>Many thanks</div>
<div>Mark.</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, 13 Nov 2020 at
15:12, Kevin Vines <<a
href="mailto:kevin.vines@gmail.com" target="_blank"
moz-do-not-send="true">kevin.vines@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div style="background-color:rgb(255,255,255)">
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990response_container_BBPPID"
style="outline:none" dir="auto">
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990BB10_response_div_BBPPID"
dir="auto" style="width:100%"> Hi Mark,</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990BB10_response_div_BBPPID"
dir="auto" style="width:100%"><br>
</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990BB10_response_div_BBPPID"
dir="auto" style="width:100%">Based on some
googling it looks like you need to specify the
domain eg:</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990BB10_response_div_BBPPID"
dir="auto" style="width:100%"><br>
</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990BB10_response_div_BBPPID"
dir="auto" style="width:100%">modparam("tls_mgm","verify_cert",
"[<a href="http://domain.com" target="_blank"
moz-do-not-send="true">domain.com</a>]1")</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990response_div_spacer_BBPPID"
dir="auto" style="width:100%"> <br>
</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990response_div_spacer_BBPPID"
dir="auto" style="width:100%"><a
href="https://fossies.org/linux/opensips/modules/tls_mgm/README"
target="_blank" moz-do-not-send="true">https://fossies.org/linux/opensips/modules/tls_mgm/README</a></div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990blackberry_signature_BBPPID"
dir="auto">
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990_signaturePlaceholder_BBPPID"
dir="auto">
<p dir="ltr">Kevin <br>
</p>
</div>
</div>
</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990_original_msg_header_BBPPID"
dir="auto">
<table
id="gmail-m_8643232066864092418gmail-m_9038209434663990990_pHCWrapper_BBPPID"
style="border-spacing:0px;display:table;outline:none" width="100%">
<tbody>
<tr>
<td colspan="2">
<div style="border-style:solid none
none;border-top-width:1pt;border-top-color:rgb(181,196,223);padding:3pt
0in 0in;font-family:tahoma,"bb
alpha sans","slate
pro";font-size:10pt">
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990from"><b>From:</b>
<a href="mailto:farmorg@gmail.com"
target="_blank"
moz-do-not-send="true">farmorg@gmail.com</a></div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990sent"><b>Sent:</b>
November 13, 2020 9:49 a.m.</div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990to"><b>To:</b>
<a
href="mailto:users@lists.opensips.org"
target="_blank"
moz-do-not-send="true">users@lists.opensips.org</a></div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990reply_to"><b>Reply
to:</b> <a
href="mailto:users@lists.opensips.org"
target="_blank"
moz-do-not-send="true">users@lists.opensips.org</a></div>
<div
id="gmail-m_8643232066864092418gmail-m_9038209434663990990subject"><b>Subject:</b>
[OpenSIPS-Users] Teams TLS Error</div>
</div>
</td>
</tr>
</tbody>
</table>
<br>
</div>
<div dir="auto" style="outline:none">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi everyone<br>
<div><br>
</div>
<div>OpenSIPS 3.1.0</div>
<div><br>
</div>
<div>I am following the OpenSIPS as Teams
SBC guide and have added the TLS config:</div>
<div><br>
</div>
<div>
<div>modparam("tls_mgm","verify_cert",
"1")</div>
<div>modparam("tls_mgm","require_cert",
"1")</div>
<div>modparam("tls_mgm","tls_method",
"TLSv1_2")</div>
<div>modparam("tls_mgm","certificate",
"/usr/local/etc/opensips/tls/<a
href="http://myCert.pem"
target="_blank" moz-do-not-send="true">myCert.pem</a>")</div>
<div>modparam("tls_mgm","private_key",
"/usr/local/etc/opensips/tls/<a
href="http://myKey.key"
target="_blank" moz-do-not-send="true">myKey.key</a>")</div>
<div>modparam("tls_mgm", "ca_dir",
"/etc/ssl/certs")</div>
</div>
<div><br>
</div>
<div>But I am seeing a TLS domain error:</div>
<div><br>
</div>
<div>
<div>Nov 13 14:36:50 [175314]
ERROR:tls_mgm:split_param_val: No TLS
domain name</div>
<div>Nov 13 14:36:50 [175314] Traceback
(last included file at the bottom):</div>
<div>Nov 13 14:36:50 [175314] 0.
/usr/local//etc/opensips/<a
href="http://opensips.cfg"
target="_blank" moz-do-not-send="true">opensips.cfg</a></div>
<div>Nov 13 14:36:50 [175314]
CRITICAL:core:yyerror: parse error in
/usr/local//etc/opensips/<a
href="http://opensips.cfg:191"
target="_blank" moz-do-not-send="true">opensips.cfg:191</a>:19-20:
Parameter <verify_cert> not found
in module <tls_mgm> - can't set</div>
<div>Nov 13 14:36:50 [175314]
#modparam("tls_mgm", "require_cert",
"[dom4]1")</div>
<div>Nov 13 14:36:50 [175314]</div>
<div>Nov 13 14:36:50 [175314]
modparam("tls_mgm","verify_cert", "1")</div>
<div>Nov 13 14:36:50 [175314] ^~</div>
<div>Nov 13 14:36:50 [175314]
modparam("tls_mgm","require_cert", "1")</div>
<div>Nov 13 14:36:50 [175314]
modparam("tls_mgm","tls_method",
"TLSv1_2")</div>
<div>Nov 13 14:36:50 [175314]
DBG:core:set_mod_param_regex: tls_mgm
matches module tls_mgm</div>
<div>Nov 13 14:36:50 [175314]
DBG:core:set_mod_param_regex: found
<require_cert> in module tls_mgm
[/usr/local/lib64/opensips/modules/]</div>
<div>Nov 13 14:36:50 [175314]
ERROR:tls_mgm:split_param_val: No TLS
domain name</div>
</div>
<div><br>
</div>
<div>Can anyone tell me what I might be
missing please?</div>
<div><br>
</div>
<div>Many thanks</div>
<div>Mark.</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org"
target="_blank" moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Mark Farmer<br>
<a href="mailto:farmorg@gmail.com" target="_blank"
moz-do-not-send="true">farmorg@gmail.com</a></div>
</div>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank"
moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">Mark Farmer<br>
<a href="mailto:farmorg@gmail.com" target="_blank"
moz-do-not-send="true">farmorg@gmail.com</a></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</body>
</html>