
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<meta name="Generator" content="Microsoft Word 15 (filtered medium)">


<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}


o\:* {behavior:url(#default#VML);}


w\:* {behavior:url(#default#VML);}


.shape {behavior:url(#default#VML);}


</style><![endif]--><style><!--


/* Font Definitions */


@font-face


        {font-family:Helvetica;


        panose-1:0 0 0 0 0 0 0 0 0 0;}


@font-face


        {font-family:"Cambria Math";


        panose-1:2 4 5 3 5 4 6 3 2 4;}


@font-face


        {font-family:Calibri;


        panose-1:2 15 5 2 2 2 4 3 2 4;}


@font-face


        {font-family:Aptos;


        panose-1:2 11 0 4 2 2 2 2 2 4;}


@font-face


        {font-family:Consolas;


        panose-1:2 11 6 9 2 2 4 3 2 4;}


@font-face


        {font-family:"Aptos Mono";


        panose-1:2 11 0 9 2 2 2 2 2 4;}


/* Style Definitions */


p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0in;


        font-size:11.0pt;


        font-family:"Aptos",sans-serif;}


a:link, span.MsoHyperlink


        {mso-style-priority:99;


        color:blue;


        text-decoration:underline;}


pre


        {mso-style-priority:99;


        mso-style-link:"HTML Preformatted Char";


        margin:0in;


        font-size:10.0pt;


        font-family:"Courier New";}


span.HTMLPreformattedChar


        {mso-style-name:"HTML Preformatted Char";


        mso-style-priority:99;


        mso-style-link:"HTML Preformatted";


        font-family:Consolas;}


.MsoChpDefault


        {mso-style-type:export-only;


        font-size:10.0pt;


        mso-ligatures:none;}


@page WordSection1


        {size:8.5in 11.0in;


        margin:1.0in 1.0in 1.0in 1.0in;}


div.WordSection1


        {page:WordSection1;}


--></style><!--[if gte mso 9]><xml>


<o:shapedefaults v:ext="edit" spidmax="1026" />


</xml><![endif]--><!--[if gte mso 9]><xml>


<o:shapelayout v:ext="edit">


<o:idmap v:ext="edit" data="1" />


</o:shapelayout></xml><![endif]-->


</head>


<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">


<div class="WordSection1">


<p class="MsoNormal">I think there is no more default server domain concept (I think there used to be). So for the server side you have to define either match_ip_address [1] or match_sip_domain [2] in order for the incoming connection to be matched to the correct


 TLS domain.</p>


<p class="MsoNormal"><o:p> </o:p></p>


<p class="MsoNormal">It seems in this case you probably want something like:</p>


<p class="MsoNormal"><o:p> </o:p></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Aptos Mono"">modparam("tls_mgm", "match_ip_address", "[server]<server_ip>:TLS_PORT")<o:p></o:p></span></p>


<p class="MsoNormal"><o:p> </o:p></p>


<p class="MsoNormal">Also, it is not shown but I assume you have also configured a TLS socket listening on the port? [3]</p>


<p class="MsoNormal"><o:p> </o:p></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Aptos Mono"">socket = tls:<server_ip>:TLS_PORT<o:p></o:p></span></p>


<p class="MsoNormal"><o:p> </o:p></p>


<p class="MsoNormal">[1] <a href="https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address">


https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_ip_address</a></p>


<p class="MsoNormal">[2] <a href="https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_sip_domain">


https://opensips.org/docs/modules/3.4.x/tls_mgm.html#param_match_sip_domain</a></p>


<p class="MsoNormal">[3] <a href="https://www.opensips.org/Documentation/Script-CoreParameters-3-4#socket">


https://www.opensips.org/Documentation/Script-CoreParameters-3-4#socket</a></p>


<p class="MsoNormal"><o:p> </o:p></p>


<div>


<div>


<div>


<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Ben Newlin</span></p>


</div>


</div>


</div>


<p class="MsoNormal"><o:p> </o:p></p>


<div id="mail-editor-reference-message-container">


<div>


<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">


<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:


</span></b><span style="font-size:12.0pt;color:black">Users <users-bounces@lists.opensips.org> on behalf of Ihor Olkhovskyi <igorolhovskiy@gmail.com><br>


<b>Date: </b>Friday, June 14, 2024 at 2:15</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"> </span><span style="font-size:12.0pt;color:black">PM<br>


<b>To: </b>users@lists.opensips.org <users@lists.opensips.org><br>


<b>Subject: </b>Re: [OpenSIPS-Users] SSL error<o:p></o:p></span></p>


</div>


<div>


<div>


<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">


<tbody>


<tr>


<td style="border:solid #B60000 1.0pt;background:white;padding:.75pt .75pt .75pt .75pt">


<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:#B60000"> EXTERNAL EMAIL - Please use caution with links and attachments <o:p></o:p></span></b></p>


</td>


</tr>


</tbody>


</table>


</div>


<p class="MsoNormal"><span style="font-size:12.0pt;font-family:Helvetica"><o:p> </o:p></span></p>


<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:Helvetica">


<hr size="0" width="100%" align="center">


</span></div>


</div>


<p>Hello,</p>


<p>I'll paste a working 3.4 config of TLS from my project, hope you can adopt this one</p>


<p>loadmodule "proto_tls.so"<br>


modparam("proto_tls", "tls_port", TLS_PORT)<br>


modparam("proto_tls", "tls_handshake_timeout", 3000)<br>


modparam("proto_tls", "tls_send_timeout", 3000)<br>


modparam("proto_tls", "tls_async_local_connect_timeout", 3000)<br>


modparam("proto_tls", "tls_async_handshake_timeout", 3000)<br>


# WebSocket part<br>


loadmodule "proto_wss.so"<br>


modparam("proto_wss", "wss_handshake_timeout", 3000)<br>


modparam("proto_wss", "wss_tls_handshake_timeout", 3000)<br>


modparam("proto_wss", "require_origin", no)<br>


<br>


loadmodule "tls_openssl.so"<br>


loadmodule "tls_mgm.so"<br>


<br>


modparam("tls_mgm", "client_domain", "client")<br>


modparam("tls_mgm", "certificate", "[client]/etc/ssl/certs/ssl-cert-snakeoil.pem")<br>


modparam("tls_mgm", "private_key", "[client]/etc/ssl/private/ssl-cert-snakeoil.key")<br>


modparam("tls_mgm", "ca_list", "[client]/etc/ssl/certs/ca-certificates.crt")<br>


modparam("tls_mgm", "verify_cert", "[client]0")<br>


modparam("tls_mgm", "require_cert", "[client]0")<br>


<br>


modparam("tls_mgm", "server_domain", "server")<br>


modparam("tls_mgm", "certificate", "[server]/etc/ssl/certs/ssl-cert-snakeoil.pem")<br>


modparam("tls_mgm", "private_key", "[server]/etc/ssl/private/ssl-cert-snakeoil.key")<br>


modparam("tls_mgm", "ca_list", "[server]/etc/ssl/certs/ca-certificates.crt")<br>


modparam("tls_mgm", "verify_cert", "[server]0")<br>


modparam("tls_mgm", "require_cert", "[server]0")</p>


<div>


<p class="MsoNormal"><span style="font-size:12.0pt">Le 13/06/2024 à 00:49, Pa Ka a écrit :<o:p></o:p></span></p>


</div>


<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">


<div>


<p class="MsoNormal">Hello Team, sorry to bother you again, opensips ssl certificate are not working on port 5061. I check with an SSL Checker and returns


<b>No SSL certificates were found on [<span class="MsoHyperlink">server:5061</span>]</b></p>


<p class="MsoNormal">I’m using version 3.2.18 (it was the same issue with 3.4.5)  certificate are generated with letsencrypt</p>


<p class="MsoNormal"> </p>


<p class="MsoNormal">This is the modparam</p>


<p class="MsoNormal"> </p>


<p class="MsoNormal">modparam("tls_mgm","tls_library", "openssl")</p>


<p class="MsoNormal">modparam("tls_mgm","server_domain", "dom")</p>


<p class="MsoNormal">modparam("tls_mgm","match_ip_address", "[dom]*")</p>


<p class="MsoNormal">modparam("tls_mgm","verify_cert", "[dom]1")</p>


<p class="MsoNormal">modparam("tls_mgm","require_cert", "[dom]1")</p>


<p class="MsoNormal">modparam("tls_mgm","tls_method", "[dom]-TLSv1_2")</p>


<p class="MsoNormal">modparam("tls_mgm","certificate", "[dom]/etc/opensips/tls/user/user-cert.pem")</p>


<p class="MsoNormal">modparam("tls_mgm","private_key", "[dom]/etc/opensips/tls/user/user-privkey.pem")</p>


<p class="MsoNormal">modparam("tls_mgm","ca_list", "[dom]/etc/opensips/tls/user/user-calist.pem")</p>


<p class="MsoNormal">modparam("tls_mgm", "require_cert", "1")</p>


<p class="MsoNormal">modparam("tls_mgm", "verify_cert", "1")</p>


<p class="MsoNormal"> </p>


<p class="MsoNormal"> </p>


<p class="MsoNormal">I tried this </p>


<p class="MsoNormal"> </p>


<p class="MsoNormal">modparam("tls_mgm","certificate", "[dom]/etc/letsencrypt/live/domain/fullchain.pem")</p>


<p class="MsoNormal">modparam("tls_mgm","private_key", "[dom]/etc/letsencrypt/live/domain/privkey.pem")</p>


<p class="MsoNormal">modparam("tls_mgm","ca_list", "[dom]/etc/letsencrypt/live/domain/chain.pem")</p>


<p class="MsoNormal"> </p>


<p class="MsoNormal">but returns permission error message and couldn’t start opensips (even if I set the permission of all files in etc/letsencryt to opensips user and group as well.)<br>


<br>


Thank you. P.K</p>


<p class="MsoNormal"> </p>


</div>


<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt"><o:p> </o:p></span></p>


<pre>_______________________________________________</pre>


<pre>Users mailing list</pre>


<pre><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a></pre>


<pre><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></pre>


</blockquote>


</div>


</div>


</div>


</body>


</html>