<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>I'll paste a working 3.4 TLS config from my project; I hope you
can adopt this one.</p>
<pre>loadmodule "proto_tls.so"
modparam("proto_tls", "tls_port", TLS_PORT)
modparam("proto_tls", "tls_handshake_timeout", 3000)
modparam("proto_tls", "tls_send_timeout", 3000)
modparam("proto_tls", "tls_async_local_connect_timeout", 3000)
modparam("proto_tls", "tls_async_handshake_timeout", 3000)
# WebSocket part
loadmodule "proto_wss.so"
modparam("proto_wss", "wss_handshake_timeout", 3000)
modparam("proto_wss", "wss_tls_handshake_timeout", 3000)
modparam("proto_wss", "require_origin", no)

loadmodule "tls_openssl.so"
loadmodule "tls_mgm.so"

modparam("tls_mgm", "client_domain", "client")
modparam("tls_mgm", "certificate", "[client]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", "[client]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[client]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[client]0")
modparam("tls_mgm", "require_cert", "[client]0")

modparam("tls_mgm", "server_domain", "server")
modparam("tls_mgm", "certificate", "[server]/etc/ssl/certs/ssl-cert-snakeoil.pem")
modparam("tls_mgm", "private_key", "[server]/etc/ssl/private/ssl-cert-snakeoil.key")
modparam("tls_mgm", "ca_list", "[server]/etc/ssl/certs/ca-certificates.crt")
modparam("tls_mgm", "verify_cert", "[server]0")
modparam("tls_mgm", "require_cert", "[server]0")
</pre>
<div class="moz-cite-prefix">On 13/06/2024 at 00:49, Pa Ka wrote:<br>
</div>
<blockquote type="cite"
cite="mid:IA2P220MB19127B3F910518AAE9454219EAC02@IA2P220MB1912.NAMP220.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal">Hello Team, sorry to bother you again.
OpenSIPS SSL certificates are not working on port 5061. I checked
with an SSL checker and it returns
<b>No SSL certificates were found on [server:5061]</b></p>
<p class="MsoNormal">I’m using version 3.2.18 (it was the same
issue with 3.4.5); the certificates are generated with letsencrypt.</p>
<p class="MsoNormal">This is the modparam:</p>
<pre>modparam("tls_mgm","tls_library", "openssl")
modparam("tls_mgm","server_domain", "dom")
modparam("tls_mgm","match_ip_address", "[dom]*")
modparam("tls_mgm","verify_cert", "[dom]1")
modparam("tls_mgm","require_cert", "[dom]1")
modparam("tls_mgm","tls_method", "[dom]-TLSv1_2")
modparam("tls_mgm","certificate", "[dom]/etc/opensips/tls/user/user-cert.pem")
modparam("tls_mgm","private_key", "[dom]/etc/opensips/tls/user/user-privkey.pem")
modparam("tls_mgm","ca_list", "[dom]/etc/opensips/tls/user/user-calist.pem")
modparam("tls_mgm", "require_cert", "1")
modparam("tls_mgm", "verify_cert", "1")
</pre>
<p class="MsoNormal">I tried this:</p>
<pre>modparam("tls_mgm","certificate", "[dom]/etc/letsencrypt/live/domain/fullchain.pem")
modparam("tls_mgm","private_key", "[dom]/etc/letsencrypt/live/domain/privkey.pem")
modparam("tls_mgm","ca_list", "[dom]/etc/letsencrypt/live/domain/chain.pem")
</pre>
<p class="MsoNormal">but it returns a permission error message and
I couldn’t start opensips (even if I set the permission of all
files in etc/letsencrypt to opensips user and group as well.)<br>
<br>
Thank you. P.K</p>
</div>
</blockquote>
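<p>An added example, not part of either message: one way to find which path component denies the opensips user access to the letsencrypt files mentioned above. It assumes GNU stat and readlink, is meant to be run as root, judges by mode bits only (ACLs and supplementary groups are ignored), and its function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example (not from the thread). Finds the first path component that
# stops a given uid/gid from reading a TLS file, judged by mode bits only.
# Assumptions: GNU stat/readlink, run as root; ACLs and supplementary groups
# are ignored. Function names are hypothetical.

# can_access UID GID PATH BIT   (BIT: 4 = read, 1 = search/traverse)
can_access() {
    ca_stat=$(stat -L -c '%u %g %a' -- "$3" 2>/dev/null) || return 2
    ca_owner=${ca_stat%% *}; ca_rest=${ca_stat#* }
    ca_group=${ca_rest%% *}; ca_mode=$((0${ca_rest#* }))
    if   [ "$1" -eq 0 ];           then return 0   # root bypasses these checks
    elif [ "$1" -eq "$ca_owner" ]; then ca_bits=$((ca_mode >> 6))
    elif [ "$2" -eq "$ca_group" ]; then ca_bits=$((ca_mode >> 3))
    else                                ca_bits=$ca_mode
    fi
    [ $((ca_bits & $4)) -ne 0 ]
}

# walk UID GID DIR: check every ancestor of DIR from the top down, then DIR.
walk() {
    [ "$3" = / ] && return 0
    walk "$1" "$2" "$(dirname -- "$3")" || return 1
    can_access "$1" "$2" "$3" 1 || { echo "$3"; return 1; }
}

# first_blocker UID GID FILE: print the blocking component and return 1,
# or return 0 when FILE is readable. FILE must be an absolute path.
first_blocker() {
    case $3 in /*) ;; *) return 2 ;; esac
    fb_target=$(readlink -f -- "$3") || return 2
    # The configured path and the symlink target are walked separately:
    # certbot's live/<name>/*.pem are symlinks into archive/<name>/.
    walk "$1" "$2" "$(dirname -- "$3")" || return 1
    walk "$1" "$2" "$(dirname -- "$fb_target")" || return 1
    can_access "$1" "$2" "$fb_target" 4 || { echo "$fb_target"; return 1; }
}

# Usage: sh check.sh "$(id -u opensips)" "$(id -g opensips)" /path/to/privkey.pem
if [ $# -eq 3 ]; then first_blocker "$@"; fi
```

<p>A printed directory means the account lacks search permission on it; a printed file means the account lacks read permission on the symlink target itself.</p>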
</body>
</html>