Good morning all

Can anyone clarify whether the TLS domain in SAN is supported or not please?

Many thanks
Mark.

On Fri, 13 Nov 2020 at 15:59, Kevin Vines <kevin.vi...@gmail.com> wrote:

> You got me there... the doc states
>
> OpenSIPS offers SIP service for multiple domains, e.g. atlanta.com
> and biloxi.com. Although both domains will be hosted on a single SIP
> proxy, the SIP proxy needs 2 certificates: One for atlanta.com and
> one for biloxi.com. For incoming TLS connections
>
>
> If you need one cert per domain, maybe it implies that you need to have the
> domain as the CN instead of a SAN?
>
>
> Kevin
>
> *From:* farm...@gmail.com
> *Sent:* November 13, 2020 10:43 a.m.
> *To:* users@lists.opensips.org
> *Reply to:* users@lists.opensips.org
> *Subject:* Re: [OpenSIPS-Users] Teams TLS Error
>
> OK so now I have this:
>
> modparam("tls_mgm","certificate", "[my.domain.name]/usr/local/etc/opensips/tls/myCert.pem")
> modparam("tls_mgm","private_key", "[my.domain.name]/usr/local/etc/opensips/tls/myKey.key")
> modparam("tls_mgm","ca_dir", "/etc/ssl/certs")
> modparam("tls_mgm","verify_cert", "[my.domain.name]1")
> modparam("tls_mgm","require_cert", "[my.domain.name]1")
> modparam("tls_mgm","tls_method", "[my.domain.name]TLSv1_2")
> modparam("tls_mgm", "match_sip_domain", "my.domain.name")
>
> But now it claims that my.domain.name is not defined in myCert.pem
> I know it is - it is in a SAN within the certificate.
>
> Any suggestions?
> Many thanks
> Mark.
>
>
> On Fri, 13 Nov 2020 at 15:12, Kevin Vines <kevin.vi...@gmail.com> wrote:
>
>> Hi Mark,
>>
>> Based on some googling it looks like you need to specify the domain eg:
>>
>> modparam("tls_mgm","verify_cert", "[domain.com]1")
>>
>> https://fossies.org/linux/opensips/modules/tls_mgm/README
>>
>> Kevin
>> *From:* farm...@gmail.com
>> *Sent:* November 13, 2020 9:49 a.m.
>> *To:* users@lists.opensips.org
>> *Reply to:* users@lists.opensips.org
>> *Subject:* [OpenSIPS-Users] Teams TLS Error
>>
>> Hi everyone
>>
>> OpenSIPS 3.1.0
>>
>> I am following the OpenSIPS as Teams SBC guide and have added the TLS
>> config:
>>
>> modparam("tls_mgm","verify_cert", "1")
>> modparam("tls_mgm","require_cert", "1")
>> modparam("tls_mgm","tls_method", "TLSv1_2")
>> modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/myCert.pem")
>> modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/myKey.key")
>> modparam("tls_mgm", "ca_dir", "/etc/ssl/certs")
>>
>> But I am seeing a TLS domain error:
>>
>> Nov 13 14:36:50 [175314] ERROR:tls_mgm:split_param_val: No TLS domain name
>> Nov 13 14:36:50 [175314] Traceback (last included file at the bottom):
>> Nov 13 14:36:50 [175314] 0. /usr/local//etc/opensips/opensips.cfg
>> Nov 13 14:36:50 [175314] CRITICAL:core:yyerror: parse error in /usr/local//etc/opensips/opensips.cfg:191:19-20: Parameter <verify_cert> not found in module <tls_mgm> - can't set
>> Nov 13 14:36:50 [175314] #modparam("tls_mgm", "require_cert", "[dom4]1")
>> Nov 13 14:36:50 [175314]
>> Nov 13 14:36:50 [175314] modparam("tls_mgm","verify_cert", "1")
>> Nov 13 14:36:50 [175314] ^~
>> Nov 13 14:36:50 [175314] modparam("tls_mgm","require_cert", "1")
>> Nov 13 14:36:50 [175314] modparam("tls_mgm","tls_method", "TLSv1_2")
>> Nov 13 14:36:50 [175314] DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
>> Nov 13 14:36:50 [175314] DBG:core:set_mod_param_regex: found <require_cert> in module tls_mgm [/usr/local/lib64/opensips/modules/]
>> Nov 13 14:36:50 [175314] ERROR:tls_mgm:split_param_val: No TLS domain name
>>
>> Can anyone tell me what I might be missing please?
>>
>> Many thanks
>> Mark.
>>
>> _______________________________________________
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> --
> Mark Farmer
> farm...@gmail.com

--
Mark Farmer
farm...@gmail.com
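
Added example, not part of the thread and not OpenSIPS code: a small Python check for the "No TLS domain name" error quoted above, which flags tls_mgm values written without the "[domain]" prefix and can rewrite them. The function names are hypothetical, the sample config is constructed from lines quoted in the thread, and the set of parameters checked is an assumption limited to the ones the thread shows carrying a prefix; it does not address the SAN matching question.

```python
import re

# Assumption: only the parameters the thread shows written as "[domain]value"
# are checked; extend the set from the tls_mgm README of your version.
PER_DOMAIN = {"certificate", "private_key", "verify_cert", "require_cert", "tls_method"}
MODPARAM = re.compile(r'^\s*modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
PREFIX = re.compile(r'^\[([^\]]+)\]')


def lint_tls_mgm(cfg_text):
    """Return (findings, domains). findings: (line_no, param) for each value
    lacking a [domain] prefix; domains: domain name -> params set for it."""
    findings, domains = [], {}
    for no, line in enumerate(cfg_text.splitlines(), 1):
        m = MODPARAM.match(line)  # commented-out modparam lines do not match
        if not m or m.group(1) not in PER_DOMAIN:
            continue
        p = PREFIX.match(m.group(2))
        if p:
            domains.setdefault(p.group(1), set()).add(m.group(1))
        else:
            findings.append((no, m.group(1)))
    return findings, domains


def add_prefix(cfg_text, domain):
    """Rewrite unprefixed per-domain values as "[domain]value"."""
    out = []
    for line in cfg_text.splitlines():
        m = MODPARAM.match(line)
        if m and m.group(1) in PER_DOMAIN and not PREFIX.match(m.group(2)):
            line = line[:m.start(2)] + f"[{domain}]" + line[m.start(2):]
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample built from lines quoted in the thread.
SAMPLE = '''\
#modparam("tls_mgm", "require_cert", "[dom4]1")
modparam("tls_mgm","verify_cert", "1")
modparam("tls_mgm","require_cert", "1")
modparam("tls_mgm","tls_method", "TLSv1_2")
modparam("tls_mgm","certificate", "[my.domain.name]/usr/local/etc/opensips/tls/myCert.pem")
modparam("tls_mgm", "ca_dir", "/etc/ssl/certs")
'''

if __name__ == "__main__":
    for no, param in lint_tls_mgm(SAMPLE)[0]:
        print(f"line {no}: {param} has no [domain] prefix")
    print(add_prefix(SAMPLE, "my.domain.name"), end="")
```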