<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Right, but in the new cfg you should have<br>
<br>
<br>
<span style="font-size:16px">modparam("tls_mgm", "require_cert",
"[dom2]0")<br>
<br>
and not "1"<br>
<br>
Regards,<br>
</span></font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Bootcamp 5-16 Dec 2022, online
<a class="moz-txt-link-freetext" href="https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/">https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/</a></pre>
<div class="moz-cite-prefix">On 1/4/23 2:59 AM, L S wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPVhdZ9MWMMyYEOn5z7giYogu=YDk5t5=aX-zUkos_K4kd5esw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">Hi Bogdan,
<div dir="auto"><br>
</div>
<div dir="auto">This worked for us:<br>
<div dir="auto"><br>
</div>
<div dir="auto">
<div dir="auto">server verify_cert=0</div>
<div dir="auto">server require_cert=1</div>
<div dir="auto">client verify_cert=1</div>
<div dir="auto">client require_cert=1</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks.</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Jan 3, 2023, 2:07 PM
Bogdan-Andrei Iancu <<a href="mailto:bogdan@opensips.org"
moz-do-not-send="true">bogdan@opensips.org</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div> <font face="monospace">Hi Matt,<br>
<br>
I guess the "require_cert" should 0 for both domains,
right ?<br>
<br>
Regards,<br>
</font>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="https://www.opensips-solutions.com" target="_blank" rel="noreferrer" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Bootcamp 5-16 Dec 2022, online
<a href="https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/" target="_blank" rel="noreferrer" moz-do-not-send="true">https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/</a></pre>
<div>On 12/23/22 9:55 PM, L S wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto"><span style="font-size:16px">Hi,</span><br
style="font-size:12.8px">
<span style="font-size:16px">We are upgrading from
1.11.5 tls to 3.2.9. In 1.11 we had issues with the
client certificate so we had to set the following:</span><span
style="font-size:12.8px"></span><br
style="font-size:12.8px">
<br style="font-size:12.8px">
<span style="font-size:16px"># 1.11 parameters</span><br
style="font-size:12.8px">
<span style="font-size:16px">tls_verify_server = 1</span><br
style="font-size:12.8px">
<span style="font-size:16px">tls_verify_client = 0
tls_require_client_certificate = 0</span><span
style="font-size:12.8px"></span><br
style="font-size:12.8px">
<br style="font-size:12.8px">
<span style="font-size:16px">TLS works fine for us with
those settings. Now we are trying to migrate them to
3.2.9 and having issues. Just wanted to confirm</span><br
style="font-size:12.8px">
<span style="font-size:16px">if the following is correct
way to migrate those parameters to 3.2? (Just included
those parameters - the domains are set up correctly)</span><span
style="font-size:12.8px"></span><br
style="font-size:12.8px">
<br style="font-size:12.8px">
<span style="font-size:16px">Server domain</span><br
style="font-size:12.8px">
<span style="font-size:16px">modparam("tls_mgm",
"verify_cert", "[dom1]0")</span><br
style="font-size:12.8px">
<span style="font-size:16px">modparam("tls_mgm",
"require_cert", "[dom1]0")</span><span
style="font-size:12.8px"></span><br
style="font-size:12.8px">
<br style="font-size:12.8px">
<span style="font-size:16px">Client domain</span><br
style="font-size:12.8px">
<span style="font-size:16px">modparam("tls_mgm",
"verify_cert", "[dom2]1")</span><br
style="font-size:12.8px">
<span style="font-size:16px">modparam("tls_mgm",
"require_cert", "[dom2]1")</span><span
style="font-size:12.8px"></span><br
style="font-size:12.8px">
<br style="font-size:12.8px">
<span style="font-size:16px">Thanks,</span><br
style="font-size:12.8px">
<span style="font-size:16px">Matt</span></div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer" moz-do-not-send="true">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank" rel="noreferrer" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>