<div dir="auto">Hi Razvan,<div dir="auto">They don't match. Not sure if sth on my end causing this problem. I was using opensips-cli only to create the certificates.</div><div dir="auto"><br></div><div dir="auto">Anyway I used openssl directly instead to create the CA and server certificates. They are working fine.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Matt</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Sep 27, 2023, 9:50 AM Răzvan Crainea <<a href="mailto:razvan@opensips.org">razvan@opensips.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Can you actually check that the two (private key and certificate) match?<br>
<a href="https://www.ibm.com/support/pages/how-verify-if-private-key-matches-certificate" rel="noreferrer noreferrer" target="_blank">https://www.ibm.com/support/pages/how-verify-if-private-key-matches-certificate</a><br>
<br>
Best regards,<br>
<br>
Răzvan Crainea<br>
OpenSIPS Core Developer / SIPhub CTO<br>
<a href="http://www.opensips-solutions.com" rel="noreferrer noreferrer" target="_blank">http://www.opensips-solutions.com</a> / <a href="https://www.siphub.com" rel="noreferrer noreferrer" target="_blank">https://www.siphub.com</a><br>
<br>
On 9/26/23 19:54, L S wrote:<br>
> Thanks Razvan. Installing the cryptography module fixed it - I was able <br>
> to run both -x tls rootCA and userCERT, and create the certificates.<br>
> <br>
> However, when I start Opensips, I get the following error:<br>
> ERROR:tls_wolfssl:load_private_key: key <br>
> '/usr/local/etc/opensips/tls/server/privkey.pem' does not match the <br>
> public key of the certificate<br>
> <br>
> I tried creating the certificates both on Centos 7 and Ubuntu Focal, and <br>
> they both gave the same error.<br>
> The data for the certificates comes from opensips-cli.cfg. I had created <br>
> certificates with that cfg 3 months ago, and used in Opensips script <br>
> without any issues.<br>
>   I only changed the domain name this time.<br>
> <br>
> Any suggestions?<br>
> Thanks,<br>
> Matt<br>
> <br>
> <br>
> On Tue, Sep 26, 2023, 9:56 AM Răzvan Crainea <<a href="mailto:razvan@opensips.org" target="_blank" rel="noreferrer">razvan@opensips.org</a> <br>
> <mailto:<a href="mailto:razvan@opensips.org" target="_blank" rel="noreferrer">razvan@opensips.org</a>>> wrote:<br>
> <br>
>     Can you double check whether you have the python-openssl or<br>
>     python-cryptography libraries?<br>
> <br>
>     Best regards,<br>
> <br>
>     Răzvan Crainea<br>
>     OpenSIPS Core Developer / SIPhub CTO<br>
>     <a href="http://www.opensips-solutions.com" rel="noreferrer noreferrer" target="_blank">http://www.opensips-solutions.com</a><br>
>     <<a href="http://www.opensips-solutions.com" rel="noreferrer noreferrer" target="_blank">http://www.opensips-solutions.com</a>> / <a href="https://www.siphub.com" rel="noreferrer noreferrer" target="_blank">https://www.siphub.com</a><br>
>     <<a href="https://www.siphub.com" rel="noreferrer noreferrer" target="_blank">https://www.siphub.com</a>><br>
> <br>
>     On 9/26/23 16:38, L S wrote:<br>
>      > I'm trying to create certificates using opensips-cli:<br>
>      ><br>
>      > opensips-cli - f /usr/local/etc/opensips-cli.cfg -d -x tls rootCA<br>
>      > DEBUG: Skipping module 'tls' - excluded on purpose<br>
>      ><br>
>      > ERROR: No module 'tls' loaded<br>
>      ><br>
>      > Trying to find out why I am getting this message now - it used to<br>
>     work<br>
>      > fine. All other modules are loaded.<br>
>      ><br>
>      > Thaks,<br>
>      > Matt<br>
>      ><br>
>      > _______________________________________________<br>
>      > Users mailing list<br>
>      > <a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a> <mailto:<a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a>><br>
>      > <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>     <<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>><br>
> <br>
>     _______________________________________________<br>
>     Users mailing list<br>
>     <a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a> <mailto:<a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a>><br>
>     <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>     <<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>><br>
> <br>
> <br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div>