<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <font face="monospace">Right, but in the new cfg you should have<br>
      <br>
      <br>
      <span style="font-size:16px">modparam("tls_mgm", "require_cert",
        "[dom2]0")<br>
        <br>
        and not "1"<br>
        <br>
        Regards,<br>
      </span></font>
    <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Bootcamp 5-16 Dec 2022, online
  <a class="moz-txt-link-freetext" href="https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/">https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/</a></pre>
    <div class="moz-cite-prefix">On 1/4/23 2:59 AM, L S wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAPVhdZ9MWMMyYEOn5z7giYogu=YDk5t5=aX-zUkos_K4kd5esw@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="auto">Hi Bogdan,
        <div dir="auto"><br>
        </div>
        <div dir="auto">This worked for us:<br>
          <div dir="auto"><br>
          </div>
          <div dir="auto">
            <div dir="auto">server verify_cert=0</div>
            <div dir="auto">server require_cert=1</div>
            <div dir="auto">client verify_cert=1</div>
            <div dir="auto">client require_cert=1</div>
            <div dir="auto"><br>
            </div>
            <div dir="auto">Thanks.</div>
          </div>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Tue, Jan 3, 2023, 2:07 PM
          Bogdan-Andrei Iancu <<a href="mailto:bogdan@opensips.org"
            moz-do-not-send="true">bogdan@opensips.org</a>> wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div> <font face="monospace">Hi Matt,<br>
              <br>
              I guess the "require_cert" should 0 for both domains,
              right ?<br>
              <br>
              Regards,<br>
            </font>
            <pre cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a href="https://www.opensips-solutions.com" target="_blank" rel="noreferrer" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Bootcamp 5-16 Dec 2022, online
  <a href="https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/" target="_blank" rel="noreferrer" moz-do-not-send="true">https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/</a></pre>
            <div>On 12/23/22 9:55 PM, L S wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="auto"><span style="font-size:16px">Hi,</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">We are upgrading from
                  1.11.5 tls to 3.2.9. In 1.11 we had issues with the
                  client certificate so we had to set the following:</span><span
                  style="font-size:12.8px"></span><br
                  style="font-size:12.8px">
                <br style="font-size:12.8px">
                <span style="font-size:16px"># 1.11 parameters</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">tls_verify_server = 1</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">tls_verify_client = 0   
                  tls_require_client_certificate = 0</span><span
                  style="font-size:12.8px"></span><br
                  style="font-size:12.8px">
                <br style="font-size:12.8px">
                <span style="font-size:16px">TLS works fine for us with
                  those settings. Now we are trying to migrate them to
                  3.2.9 and having issues. Just wanted to confirm</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">if the following is correct
                  way to migrate those parameters to 3.2? (Just included
                  those parameters - the domains are set up correctly)</span><span
                  style="font-size:12.8px"></span><br
                  style="font-size:12.8px">
                <br style="font-size:12.8px">
                <span style="font-size:16px">Server domain</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">modparam("tls_mgm",
                  "verify_cert", "[dom1]0")</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">modparam("tls_mgm",
                  "require_cert", "[dom1]0")</span><span
                  style="font-size:12.8px"></span><br
                  style="font-size:12.8px">
                <br style="font-size:12.8px">
                <span style="font-size:16px">Client domain</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">modparam("tls_mgm",
                  "verify_cert", "[dom2]1")</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">modparam("tls_mgm",
                  "require_cert", "[dom2]1")</span><span
                  style="font-size:12.8px"></span><br
                  style="font-size:12.8px">
                <br style="font-size:12.8px">
                <span style="font-size:16px">Thanks,</span><br
                  style="font-size:12.8px">
                <span style="font-size:16px">Matt</span></div>
              <br>
              <fieldset></fieldset>
              <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer" moz-do-not-send="true">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank" rel="noreferrer" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
            </blockquote>
            <br>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </body>
</html>