<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Wang,<br>
<br>
A quick googling shows that the problem is with your certificate,
being md5 signed - and this is considered a week signature. Check
this<br>
<a class="moz-txt-link-freetext" href="https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep">https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep</a><br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 5/23/22 5:40 AM, Wang Wilson wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OS3PR01MB9483BDACD8F064BB94D868DFCAD49@OS3PR01MB9483.jpnprd01.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:DengXian;}.MsoChpDefault
{mso-style-type:export-only;}div.WordSection1
{page:WordSection1;}</style>
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">This is my folder user
rights status, and I am running Opensips3.1 under root user</span><span
style="font-family:"Arial",sans-serif;color:#202124;background:white"
lang="EN-US"> privilege</span><span lang="EN-US">.</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">root@wilson-VirtualBox:/etc/opensips/tls/user#
ls -lrth /etc/opensips/tls/user</span></p>
<p class="MsoNormal"><span lang="EN-US">total 20K</span></p>
<p class="MsoNormal"><span lang="EN-US">-rw------- 1 root root
1.7K 5</span>月<span lang="EN-US"> 23 10:34 user-privkey.pem</span></p>
<p class="MsoNormal"><span lang="EN-US">-rw-r--r-- 1 root root
1.1K 5</span>月<span lang="EN-US"> 23 10:34
user-cert_req.pem</span></p>
<p class="MsoNormal"><span lang="EN-US">-rw-r--r-- 1 root root
4.2K 5</span>月<span lang="EN-US"> 23 10:34 user-cert.pem</span></p>
<p class="MsoNormal"><span lang="EN-US">-rw-r--r-- 1 root root
1.3K 5</span>月<span lang="EN-US"> 23 10:34 user-calist.pem</span></p>
<p class="MsoNormal"><span lang="EN-US">root@wilson-VirtualBox:/etc/opensips/tls/user#</span><span
style="font-size:12.0pt" lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Can you tell if there is
anything need to pay attention?</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Regards</span></p>
<p class="MsoNormal"><span lang="EN-US">Wilson</span><span
style="font-size:12.0pt;font-family:SimSun" lang="EN-US"><o:p></o:p></span></p>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b> Users
<a class="moz-txt-link-rfc2396E" href="mailto:users-bounces@lists.opensips.org"><users-bounces@lists.opensips.org></a> on behalf of ideanet
help <a class="moz-txt-link-rfc2396E" href="mailto:ideanethelp@gmail.com"><ideanethelp@gmail.com></a><br>
<b>Sent:</b> Monday, May 23, 2022 6:53:41 AM<br>
<b>To:</b> OpenSIPS users mailling list
<a class="moz-txt-link-rfc2396E" href="mailto:users@lists.opensips.org"><users@lists.opensips.org></a><br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS Error</font>
<div> </div>
</div>
<div>
<div dir="ltr">Hi Wang,
<div>Can you check the user rights of that directory? ls -lrth
/etc/opensips/tls/user</div>
<div><br>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Mon, May 23, 2022 at
3:10 AM Wang Wilson <<a href="mailto:wyhc@hotmail.com"
moz-do-not-send="true">wyhc@hotmail.com</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px
0.8ex; border-left:1px solid rgb(204,204,204);
padding-left:1ex">
<div style="" lang="ZH-CN">
<div class="x_gmail-m_3775418017969671866WordSection1">
<p class="x_MsoNormal"><span lang="EN-US">Hello,</span></p>
<p class="x_MsoNormal"><span lang="EN-US">I am sending
this to follow the issue that was reported on
</span><i><span style="font-size:13.5pt;
font-family:"Microsoft
YaHei",sans-serif; color:black" lang="EN-US">Sep
17 13:13:06 EST 2020.</span></i><span
style="font-size:12pt" lang="EN-US"></span></p>
<p class="x_MsoNormal"><span lang="EN-US"> </span></p>
<p class="x_MsoNormal"><span lang="EN-US">My problem is
that I get the same error message, but the path to
/etc/opensips/tls/user/user-cert.pem is correct and
it is not symlink file.</span></p>
<p class="x_MsoNormal"><span lang="EN-US"> </span></p>
<p class="x_MsoNormal"><span lang="EN-US">I just start
to explore the TLS method for us to support SIP
service. What could be the reason for this</span>?
</p>
<p class="x_MsoNormal"><span lang="EN-US"> </span></p>
<p class="x_MsoNormal"><span lang="EN-US">Thanks in
advance.</span></p>
<p class="x_MsoNormal"><span lang="EN-US"> </span></p>
<p class="x_MsoNormal"><span lang="EN-US">Regards</span></p>
<p class="x_MsoNormal"><span lang="EN-US">Wilson</span></p>
<p class="x_MsoNormal"><span lang="EN-US">------------------------------------------------------------------------------------------</span></p>
<p class="x_MsoNormal"><span lang="EN-US"><a class="moz-txt-link-freetext" href="INFO:core:mod_init">INFO:core:mod_init</a>:
initializing TCP-plain protocol</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
<a class="moz-txt-link-freetext" href="INFO:tls_mgm:mod_init">INFO:tls_mgm:mod_init</a>: initializing TLS management</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
<a class="moz-txt-link-freetext" href="INFO:tls_mgm:mod_init">INFO:tls_mgm:mod_init</a>: disabling compression due
ZLIB problems</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
<a class="moz-txt-link-freetext" href="INFO:tls_mgm:init_tls_dom">INFO:tls_mgm:init_tls_dom</a>: Processing TLS domain
'default'</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:tls_mgm:init_tls_dom: No EC curve defined</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
<a class="moz-txt-link-freetext" href="INFO:tls_mgm:get_ssl_ctx_verify_mode">INFO:tls_mgm:get_ssl_ctx_verify_mode</a>: client
verification activated. Client certificates are NOT
mandatory.</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:tls_mgm:init_tls_dom: no CA dir for tls
'default' defined, using default '/etc/pki/CA/'</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using
none</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:tls_mgm:tls_print_errstack: TLS errstack:
error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:tls_mgm:load_certificate: unable to load
certificate file
'/etc/opensips/tls/user/user-cert.pem'</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:tls_mgm:init_tls_domains: Failed to init TLS
domain 'default'</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:core:init_mod: failed to initialize module
tls_mgm</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:core:main: error while initializing modules</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
<a class="moz-txt-link-freetext" href="INFO:core:cleanup">INFO:core:cleanup</a>: cleanup</span></p>
<p class="x_MsoNormal"><span lang="EN-US">May 22
22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:core:main: Exiting....</span></p>
<p class="x_MsoNormal"><span lang="EN-US"> </span></p>
<p class="x_MsoNormal"><span style="font-size:12pt;
font-family:SimSun" lang="EN-US"> </span></p>
</div>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank"
moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>