One of our customers is trying to set up TLS for a SIP trunk. Self-signed
certificates (2048 bit) and a non-encrypted configuration on the SIP trunk
work, but a CA-signed certificate does not.

Going by this SSL/TLS detail example
<http://technet.microsoft.com/en-us/library/cc785811%28WS.10%29.aspx>
as a reference for the SSL/TLS handshake protocol, we see the following.

Packet Capture (20110721-141405_packet.pcap):
Packet # - SSL/TLS Message
1116 - Client Hello
1122 - Server Hello
1628 - Server Certificate
1658 - Client Certificate
1659 - Client Key Exchange

... It stops here. 

In the CUBE debugs (putty.log):
*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate is verified
*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate validated without revocation check
*Jul 21 12:39:23.782: CRYPTO_PKI: chain cert was anchored to trustpoint DODCA21, and chain validation result was: CRYPTO_VALID_CERT_WITH_WARNING
*Jul 21 12:39:23.782: CRYPTO_PKI: Validation TP is DODCA21
*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate validation succeeded
*Jul 21 12:39:23.782: SSL_accept:SSLv3 read client certificate A
*Jul 21 12:39:23.782: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
*Jul 21 12:39:23.930: SSL_accept:SSLv3 read client key exchange A
*Jul 21 12:40:21.694: SSL_accept:failed in SSLv3 read certificate verify A

Everything looks good up to the "Client Key Exchange" but the CUBE stops at
the "Client Certificate Verify".

We are unable to determine why this is the case.

Any pointers on how to further debug this would be greatly appreciated.

Thanks
Anamitra
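
The debug excerpt in the message above can be triaged mechanically. The following is an added example, not part of the original post and not Cisco tooling: it parses the SSL_accept state lines and reports the last completed state, the state in which the handshake failed, and how long the CUBE waited before failing. The log lines are copied from the post as a constructed sample; the function names and the 5-second stall threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: SSL_accept / CRYPTO_PKI lines as quoted in the post.
SAMPLE_LOG = """\
*Jul 21 12:39:23.782: CRYPTO_PKI: Certificate validation succeeded
*Jul 21 12:39:23.782: SSL_accept:SSLv3 read client certificate A
*Jul 21 12:39:23.930: SSL_accept:SSLv3 read client key exchange A
*Jul 21 12:40:21.694: SSL_accept:failed in SSLv3 read certificate verify A
"""

# Timestamp, optional "failed in " marker, optional "SSLv3 " prefix, state name.
LINE_RE = re.compile(
    r"^\*(\w{3} +\d+ [\d:.]+): SSL_accept:(failed in )?(?:SSLv3 )?(.+)$")

def parse_states(log):
    """Return [(timestamp, state, failed)] for every SSL_accept line."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S.%f")
            out.append((ts, m.group(3).strip(), bool(m.group(2))))
    return out

def summarize(log, stall_threshold=5.0):
    """Report last completed state, failing state and the wait before failure.

    stall_threshold (seconds) is an assumed cut-off separating an immediate
    rejection from a wait for a message that did not arrive.
    """
    result = {"last_ok": None, "failed_in": None,
              "wait_seconds": None, "stalled": False}
    prev_ts = None
    for ts, state, failed in parse_states(log):
        if failed:
            result["failed_in"] = state
            if prev_ts is not None:
                wait = (ts - prev_ts).total_seconds()
                result["wait_seconds"] = round(wait, 3)
                result["stalled"] = wait >= stall_threshold
            break
        result["last_ok"] = state
        prev_ts = ts
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, the gap between reading the ClientKeyExchange and the failure while reading the CertificateVerify is about 57.8 seconds, which matches the capture ending at packet 1659.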
