Hello, For adding the CA list below is the article that can help you. *https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/ <https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/>*
Search the line, *find / -name cacert.pem* there you will find the steps to get it. But in my case it works without *ca_list* also. On Sat, Aug 20, 2022 at 2:45 AM M Arqum CH <marqu...@gmail.com> wrote: > Hi Henning, > Thank you for your reply. > yes there is ca_list parameter .. but no idea from where i can get that > list. > can you please guide me on how to get ca_list, how would I generate > ca_list. > > thanks > > On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt <h...@gilawa.com> wrote: > >> Hello, >> >> >> >> try to add the „ca_list” parameter to your ca file, it seems an error >> related to that. >> >> >> >> Cheers, >> >> >> >> Henning >> >> >> >> -- >> >> Henning Westerholt – https://skalatan.de/blog/ >> >> Kamailio services – https://gilawa.com >> >> >> >> *From:* sr-users <sr-users-boun...@lists.kamailio.org> *On Behalf Of *M >> Arqum CH >> *Sent:* Thursday, August 18, 2022 10:49 PM >> *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> >> *Subject:* [SR-Users] TLS issue >> >> >> >> Dear All, >> >> Thank you in advance . >> >> >> >> Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon >> linux server. >> >> >> >> Getting this error. >> >> >> >> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: >> ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error >> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: >> ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL >> routines:ssl3_read_bytes:tlsv1 alert unknown ca >> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: >> ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: >> 143.198.11.1:62033 ///client ip >> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: >> ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: >> 172.36.53.1:5061 ///ec2 local ip >> Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: >> ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: >> error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1) >> >> >> >> TLS Config >> >> [server:default] >> method = TLSv1+ >> verify_certificate = no >> require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem >> private_key=/usr/local/ssl/certs/fullkey.pem >> server_name = abc.domain >> >> >> >> >> >> Also tried this conf >> >> [server:default] >> method = TLSv1+ ///tries all version options >> >> >> verify_certificate = no >> require_certificate = no >> certificate=/usr/local/ssl/certs/ abc.domain.crt >> private_key=/usr/local/ssl/certs/ abc.domain.key >> server_name = abc.domain.link >> >> >> >> openssl version >> OpenSSL 1.0.2k-fips 26 Jan 2017 >> >> >> >> >> >> >> >> please guide. >> >> >> >> >> >> -- >> >> Regards >> >> Arqum >> > > > -- > Regards > M Arqum > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * sr-users@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users