Hi Rob Moore, Yes, I have intended to use TLS in client side to verify with server side.
I have tried to create cert files as : Quick Certificate Howto in http://kamailio.org/docs/modules/stable/modules/tls.html#tls.debugging Then, I tried to use Blink phone to user crt file, But I see that I cant add any pem file to this. Can you suggest ? Thank all, ThanhTruong Thanks, ThanhTruong. On Thu, Dec 18, 2014 at 11:28 PM, Rob Moore <rob.mo...@aeriandi.com> wrote: > > Hi Thanh, > > > > Are you intending to use Client certificates in your setup? > > > > If not, the error “SSL3_GET_CLIENT_CERTIFICATE “ would lead me to > believe that your problem is modparam("tls", "require_certificate", 1) which > when enabled kamailio will require a certificate from the client. > > I’m not an expert with TLS, but this may help depending on what type of > TLS setup you are trying to achieve. > > > > *From:* sr-users [mailto:sr-users-boun...@lists.sip-router.org] *On > Behalf Of *Thanh Truong > *Sent:* 18 December 2014 15:28 > *To:* kamailio > *Subject:* [SR-Users] TLS enable false. > > > > Hi all, > > > > I have tried several configure TLS in kamailio but no luck. > > > > Please give me some suggestion that I can make it work correctly. > > > > This is my configure in TLS module. > > > > modparam("tls", "tls_method", "SSLv23") > > modparam("tls", "private_key", "/usr/local/etc/kamailio/ca/privkey.pem") > > modparam("tls", "certificate", > "/usr/local/etc/kamailio/ca/kamailio1_cert.pem") > > modparam("tls", "ca_list", "/usr/local/etc/kamailio/ca/calist.pem") > > modparam("tls", "verify_certificate", 1) > > modparam("tls", "require_certificate", 1) > > > > I am only getting issue with verify_certifiate = 1, it i let it to 0, my > client can register correctly. > > > > When I set this flag, i got message from server as: > > > > Dec 18 10:26:31 17237 /usr/local/sbin/kamailio[12655]: ERROR: <core> > [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading > > Dec 18 10:26:46 17237 /usr/local/sbin/kamailio[12656]: ERROR: tls > [tls_server.c:1193]: tls_read_f(): TLS accept:error:140890C7:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate > > Dec 18 10:26:46 17237 /usr/local/sbin/kamailio[12656]: ERROR: <core> > [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading > > > > I Cant add any pem file into client, i have used Blink phone but no luck. > > Thank all in advance. > > > > ThanhTruong. > > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users