When your server contacts the public server, your server acts as a tls client. So you may need to copy the server section settings (at least the calist) into the client section of tls.cfg.
Sent from my iPhone > On Aug 28, 2015, at 12:01 PM, Alexandru Covalschi <568...@gmail.com> wrote: > > Hello! > > I'm having problems with Kamailio configuration with TLS. Or, maybe, that's > my misunderstanding about how it should work. > So, the issue - inbound TLS works just great, I can call everyone in my > domain. I have PositiveSSL certificate, so I have such files: > calist.crt AddTrustExternalCARoot.crt + COMODORSAAddTrustCA.crt + > COMODORSADomainValidationSecureServerCA.crt divided by \n > server.key - key > server.crt - cert > The configuration of tls.cfg > > [server:default] > method = SSLv23 > verify_certificate = no > require_certificate = no > private_key = /etc/ssl/sectel.io.ssl/sip/server.key > certificate = /etc/ssl/sectel.io.ssl/sip/server.crt > ca_list = /etc/ssl/sectel.io.ssl/sip/calist.crt > #crl = /etc/kamailio/crl.pem > (however with or without ca_list nothing changes) > > [client:default] > verify_certificate = yes > require_certificate = yes > > > And with that configuration when I'm trying to call to ostel.co (public SIP > service supporting TLS) from my server I get such error: > ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > > > Putting that in tls.cfg: > [client:default] > verify_certificate = no > require_certificate = no > > Make everything work. > Cross-domain calling is essential and I'm just trying to figure out - what's > the problem? Is that my certificate, is that ostel.co certificate or it is > just the way it should be? > > Thanks! > > -- > Alexandru Covalschi > ABRISS-Solutions > VoIP engineer and system administrator > phone: +37367398493 > web: http://abs-telecom.com/ > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
