<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">I think there is no more default server domain concept (I think there used to be). So for the server side you have to define either match_ip_address [1] or match_sip_domain [2] in order for the incoming connection to be matched to the correct
 TLS domain.</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It seems in this case you probably want something like:</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Aptos Mono'">modparam("tls_mgm", "match_ip_address", "[server]&lt;server_ip&gt;:TLS_PORT")<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also, it is not shown but I assume you have also configured a TLS socket listening on the port? [3]</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Aptos Mono'">socket = tls:&lt;server_ip&gt;:TLS_PORT<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[1] <a href="https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address">
https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address</a></p>
<p class="MsoNormal">[2] <a href="https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_sip_domain">
https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_sip_domain</a></p>
<p class="MsoNormal">[3] <a href="https://www.opensips.org/Documentation/Script-CoreParameters-3-4#socket">
https://www.opensips.org/Documentation/Script-CoreParameters-3-4#socket</a></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:'Calibri',sans-serif;color:black">Ben Newlin</span></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Users &lt;users-bounces@lists.opensips.org&gt; on behalf of Ihor Olkhovskyi &lt;igorolhovskiy@gmail.com&gt;<br>
<b>Date: </b>Friday, June 14, 2024 at 2:15</span><span style="font-size:12.0pt;font-family:'Arial',sans-serif;color:black"> </span><span style="font-size:12.0pt;color:black">PM<br>
<b>To: </b>users@lists.opensips.org &lt;users@lists.opensips.org&gt;<br>
<b>Subject: </b>Re: [OpenSIPS-Users] SSL error<o:p></o:p></span></p>
</div>
<div>
<div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:Helvetica"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:Helvetica">
<hr size="0" width="100%" align="center">
</span></div>
</div>
<p>Hello,</p>
<p>I'll paste a working 3.4 config of TLS from my project, hope you can adopt this one</p>
<p>loadmodule "proto_tls.so"<br>
modparam("proto_tls", "tls_port", TLS_PORT)<br>
modparam("proto_tls", "tls_handshake_timeout", 3000)<br>
modparam("proto_tls", "tls_send_timeout", 3000)<br>
modparam("proto_tls", "tls_async_local_connect_timeout", 3000)<br>
modparam("proto_tls", "tls_async_handshake_timeout", 3000)<br>
# WebSocket part<br>
loadmodule "proto_wss.so"<br>
modparam("proto_wss", "wss_handshake_timeout", 3000)<br>
modparam("proto_wss", "wss_tls_handshake_timeout", 3000)<br>
modparam("proto_wss", "require_origin", no)<br>
<br>
loadmodule "tls_openssl.so"<br>
loadmodule "tls_mgm.so"<br>
<br>
modparam("tls_mgm", "client_domain", "client")<br>
modparam("tls_mgm", "certificate", "[client]/etc/ssl/certs/ssl-cert-snakeoil.pem")<br>
modparam("tls_mgm", "private_key", "[client]/etc/ssl/private/ssl-cert-snakeoil.key")<br>
modparam("tls_mgm", "ca_list", "[client]/etc/ssl/certs/ca-certificates.crt")<br>
modparam("tls_mgm", "verify_cert", "[client]0")<br>
modparam("tls_mgm", "require_cert", "[client]0")<br>
<br>
modparam("tls_mgm", "server_domain", "server")<br>
modparam("tls_mgm", "certificate", "[server]/etc/ssl/certs/ssl-cert-snakeoil.pem")<br>
modparam("tls_mgm", "private_key", "[server]/etc/ssl/private/ssl-cert-snakeoil.key")<br>
modparam("tls_mgm", "ca_list", "[server]/etc/ssl/certs/ca-certificates.crt")<br>
modparam("tls_mgm", "verify_cert", "[server]0")<br>
modparam("tls_mgm", "require_cert", "[server]0")</p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt">On 13/06/2024 at 00:49, Pa Ka wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Hello Team, sorry to bother you again, OpenSIPS SSL certificates are not working on port 5061. I checked with an SSL checker and it returns
<b>No SSL certificates were found on [<span class="MsoHyperlink">server:5061</span>]</b></p>
<p class="MsoNormal">I’m using version 3.2.18 (it was the same issue with 3.4.5). The certificates are generated with letsencrypt.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This is the modparam</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">modparam("tls_mgm","tls_library", "openssl")</p>
<p class="MsoNormal">modparam("tls_mgm","server_domain", "dom")</p>
<p class="MsoNormal">modparam("tls_mgm","match_ip_address", "[dom]*")</p>
<p class="MsoNormal">modparam("tls_mgm","verify_cert", "[dom]1")</p>
<p class="MsoNormal">modparam("tls_mgm","require_cert", "[dom]1")</p>
<p class="MsoNormal">modparam("tls_mgm","tls_method", "[dom]-TLSv1_2")</p>
<p class="MsoNormal">modparam("tls_mgm","certificate", "[dom]/etc/opensips/tls/user/user-cert.pem")</p>
<p class="MsoNormal">modparam("tls_mgm","private_key", "[dom]/etc/opensips/tls/user/user-privkey.pem")</p>
<p class="MsoNormal">modparam("tls_mgm","ca_list", "[dom]/etc/opensips/tls/user/user-calist.pem")</p>
<p class="MsoNormal">modparam("tls_mgm", "require_cert", "1")</p>
<p class="MsoNormal">modparam("tls_mgm", "verify_cert", "1")</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I tried this </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">modparam("tls_mgm","certificate", "[dom]/etc/letsencrypt/live/domain/fullchain.pem")</p>
<p class="MsoNormal">modparam("tls_mgm","private_key", "[dom]/etc/letsencrypt/live/domain/privkey.pem")</p>
<p class="MsoNormal">modparam("tls_mgm","ca_list", "[dom]/etc/letsencrypt/live/domain/chain.pem")</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">but it returns a permission error message and I couldn’t start opensips (even if I set the permission of all files in etc/letsencrypt to opensips user and group as well.)<br>
<br>
Thank you. P.K</p>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
</blockquote>
</div>
</div>
</div>
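<p class="MsoNormal">The two conditions named in the reply at the top of this thread (each tls_mgm server domain needs match_ip_address or match_sip_domain, and a TLS socket must be listening) can be checked before restarting the proxy. The script below is an added example, not part of the thread and not OpenSIPS tooling; lint_tls is a hypothetical helper, and the sample configurations, the address 192.0.2.10 and the port 5061 are constructed placeholders.</p>

```python
import re

# modparam("module", "name", value) with a quoted or bare value
MODPARAM = re.compile(r'modparam\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*,\s*"?([^")]*)"?\s*\)')
SOCKET = re.compile(r'^[ \t]*socket\s*=\s*(\w+):', re.M)
COMMENT = re.compile(r'^[ \t]*#.*$', re.M)
DOMAIN_VALUE = re.compile(r'\[([^\]]+)\]\s*(\S.*)')
MATCHERS = ("match_ip_address", "match_sip_domain")

def lint_tls(cfg):
    """Return findings for tls_mgm server domains in an OpenSIPS script."""
    cfg = COMMENT.sub("", cfg)  # commented-out parameters must not count
    domains, matched = [], set()
    for module, name, value in MODPARAM.findall(cfg):
        if module != "tls_mgm":
            continue
        if name == "server_domain":
            domains.append(value.strip())
        elif name in MATCHERS:
            m = DOMAIN_VALUE.match(value.strip())
            if m:  # "[domain]filter" form with a non-empty filter
                matched.add(m.group(1))
    findings = [f"server_domain '{d}': no match_ip_address or match_sip_domain"
                for d in domains if d not in matched]
    if domains and "tls" not in {p.lower() for p in SOCKET.findall(cfg)}:
        findings.append("no 'socket = tls:...' listener defined")
    return findings

# Constructed sample: a server domain with certificate settings only.
UNMATCHED = '''
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"
# server side
modparam("tls_mgm", "server_domain", "server")
modparam("tls_mgm", "certificate", "[server]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", "[server]/etc/ssl/private/ssl-cert-snakeoil.key")
'''

# Constructed sample: same domain plus the matcher and socket from the reply.
# 192.0.2.10 and 5061 are placeholder values.
MATCHED = UNMATCHED + '''
modparam("tls_mgm", "match_ip_address", "[server]192.0.2.10:5061")
socket = tls:192.0.2.10:5061
'''

if __name__ == "__main__":
    for label, cfg in (("unmatched", UNMATCHED), ("matched", MATCHED)):
        print(label, lint_tls(cfg) or "ok")
```

<p class="MsoNormal">The check only reads the script text; it does not confirm that the certificate and key files are readable by the user the proxy runs as.</p>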
</body>
</html>