<div dir="ltr">Hi All,<br><div><br></div><div>I recently encountered an issue where our certificates were renewed, following which I issued: <b>opensips-cli -x mi tls_reload</b></div><div><br></div><div>The CLI action indicated success however on closer inspection of the handshake we could see the previous certificate was continuing to be presented. Previously I have had success with the reload operation. In this situation only a full restart resolved the issue and loaded the updated certificates.</div><div><br></div><div>We are storing certificates in the database and only use domain default with a type 1 and type 2 record, both using the same certificate.</div><div><br></div><div>The following global params are set:</div><div><br></div><div>tcp_connection_lifetime=720<br>tcp_connect_timeout=200<br></div><div><br></div><div>We also use extremely long module timeout settings to deal with an outrageously slow peer (slow on first connect):</div><div><br></div><div>modparam("tls_mgm", "tls_send_timeout", 2000)<br>modparam("tls_mgm", "tls_handshake_timeout", 2000)<br></div><div><br></div><div>Is tls_reload expected to work under all conditions or is there something else we need to do (i.e. tear down existing connections)? All log messages indicated success and as we are using lets encrypt certs the subject/issuer remained the same so only a packet capture revealed the actual serial number of the cert - as an aside it would be useful to have the SN reported in the reload operation.</div><div><br></div><div>Thanks,</div><div><br></div><div>Callum</div></div>
<br>
<p dir="ltr" style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:justify"><font size="3" face="Verdana"><span style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></font></p><div style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><img src="https://www.x-on.co.uk/email/footer/banner-03-2021.jpg"></div><div style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><br></div><div><div><div><font size="4" style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><b><sup><font face="Verdana">0333 332 0000 | <a href="https://www.x-on.co.uk" target="_blank">x-on.co.uk</a> | <sub> </sub></font></sup></b></font><font size="4" style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><b><sub><sup><font face="Verdana"><a href="https://www.linkedin.com/company/x-on" target="_blank"><img src="http://www.x-on.co.uk//images/icon/linkedin.png" width="24" height="24"></a> <a href="https://www.facebook.com/XonTel" target="_blank"><img src="http://www.x-on.co.uk//images/icon/facebook.png" width="24" height="24"></a> <a href="https://twitter.com/xonuk" target="_blank"><img src="http://www.x-on.co.uk//images/icon/twitter.png" width="24" height="24"></a></font></sup></sub> </b></font><b style="font-family:Arial,Helvetica,sans-serif;font-size:large"><sup><font face="Verdana"> | <a href="https://www.x-on.co.uk/service/surgery-connect/coronavirus.htm" target="_blank">Coronavirus</a></font></sup></b><b style="font-size:16.9px"><sup><font face="Verdana"> | <a href="https://practiceindex.co.uk/gp/x-on" target="_blank">Practice Index Reviews</a></font></sup></b><br><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><span style="font-family:Verdana;font-size:8px"><a href="http://www.itspa.org.uk/itspa-awards" target="_blank">THE ITSPA AWARDS 2020</a> AND Best ITSP - Mid Market, Best Software and Best Vertical Solution are trade marks of the Internet Telephony Services Providers' Association, used under licence.</span></p><p><font face="Verdana" color="#ff0000" size="1"><b>Our new office address: 22 Riduna Park, Melton IP12 1QT.</b></font></p><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><span style="font-size:6.0pt;font-family:Verdana;color:black">X-on
is a trading name of Storacall Technology Ltd a limited company registered in
England and Wales.<br>
Registered Office : Avaland House, 110 London Road, Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration No. 2578478.<br>
The information in this e-mail is confidential and for use by the addressee(s)
only. If you are not the intended recipient, please notify X-on immediately on <span>+44(0)333 332 0000</span> and delete the<br>message from your computer. If you are not a named addressee you must not use,
disclose, disseminate, distribute, copy, print or reply to this email. </span><span style="font-size:6.0pt;font-family:Verdana;color:black">Views
or opinions expressed by an individual<br>within this email may not necessarily
reflect the views of X-on or its associated companies. Although X-on routinely
screens for viruses, addressees should scan this email and any attachments<br>for
viruses. X-on makes no representation or warranty as to the absence of viruses
in this email or any attachments.</span></p>
<p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><span style="font-size:6.0pt;font-family:Verdana;color:black"></span><font size="2"><span style="font-size:6.0pt;font-family:Verdana;color:black"></span></font></p></div></div></div>