Re: [OpenSIPS-Users] TLS Error

Thu, 17 Sep 2020 07:00:43 -0700 

Thanks

Do i just create a folder tls in /etc/opensips and copy them in?

Also what did you use for ca_list?


On Thursday, September 17, 2020, John Matich <j...@siptalk.com.au> wrote:

> Copy the certs into /etc/opensips/tls/.... it doesn't seem to like the
> symlinked certs of letsencrypt
>
> That fixed it for me when I had the same issue.
>
> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
>
> yes but why as that path is correct
> and permissions etc are all fine
>
> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <jo...@democon.be> wrote:
>
> it seems to me that it can't load your certificate.
>
> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <andrewd.co...@gmail.com
> >:
>
> Hi Guys
>
> I am trying to get tls to work but getting some errors.
> i am using letsencrypt and opensips 3.1
>
> my config is
>
> loadmodule "proto_tls.so"
>
>
> loadmodule "tls_mgm.so"
>
>
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
>
> modparam("tls_mgm", "server_domain", "dom1")
>
> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>
> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>
>
>
> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>
> modparam("tls_mgm", "verify_cert", "[dom1]1")
>
> modparam("tls_mgm", "require_cert", "[dom1]1")
>
> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/m
> ydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/m
> ydomain.co.uk/privkey.pem")
>
> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/m
> ydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk
> ")
>
>
>
> but i get this error
>
>
>
> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
> Processing TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: 
> INFO:tls_mgm:get_ssl_ctx_verify_mode:
> client verification activated. Client certificates are mandatory.
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: 
> ERROR:tls_mgm:load_certificate:
> unable to load certificate file '/etc/letsencrypt/live/mydomai
> n.co.uk/cert.pem'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: 
> ERROR:tls_mgm:init_tls_domains:
> Failed to init TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
> while initializing modules
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> Exiting....
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
>
> Users mailing list
>
> Users@lists.opensips.org
>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to