Hi Bogdan-Andrei,

I have set the "certificate" and "private_key" in my script, as I explained in method 1. However, AWS RDS doesn't support a client cert. Please refer to https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws

Is there any workaround to use the public cert list provided by AWS? Has anyone successfully used RDS with SSL connections?

Thanks!

On Tue, Sep 13, 2022 at 9:54 PM Bogdan-Andrei Iancu <bog...@opensips.org> wrote:

> Set the certificate and key you have in the tls_mgm module, for the
> "certificate" and "private_key" parameters.
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
> https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
> https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/13/22 2:57 PM, jacky z wrote:
>
> Hi Bogdan-Andrei,
>
> I tried two methods.
>
> Method 1:
>
> #enabled TLS connection:
> modparam("db_mysql", "use_tls", 1)
>
> #setup a client domain:
> modparam("tls_mgm", "client_domain", "dom1")
> modparam("tls_mgm", "match_ip_address", "[dom1]*")
> modparam("tls_mgm", "match_sip_domain", "[dom1]*")
> modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
> modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
> modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
> modparam("tls_mgm","tls_method", "[dom1]SSLv23")
> modparam("tls_mgm","verify_cert", "[dom1]0")
> modparam("tls_mgm","require_cert", "[dom1]0")
> # set db_url
> modparam("usrloc", "db_url", "mysql://root:1234@<awsrdsaddress>/opensips?tls_domain=dom1")
> ...
>
> I couldn't figure out how to use global-bundle.pem AWS provided with this
> method. No luck to get a connection with RDS. If I don't use ssl, opensips
> can connect to RDS without encryption.
>
> Method 2:
>
> I tried
>
> modparam("usrloc", "db_url", "mysql://root:1234@<awsrdsaddress>/opensips?ssl=true&ssl_ca_certs=/etc/ssl/certs/global-bundle.pem")
>
> to include the AWS cert. Still no luck.
>
> Thanks!
>
> On Tue, Sep 13, 2022 at 4:52 PM Bogdan-Andrei Iancu <bog...@opensips.org>
> wrote:
>
>> Hi,
>>
>> sorry for my silly question, but how do you connect from the OpenSIPS
>> side ??
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>> https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>> https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/13/22 10:41 AM, jacky z wrote:
>>
>> Hi Team,
>>
>> We hope to connect to aws RDS database with ssl encryption. We have setup
>> a client domain according to OPENSIPS documents. However, AWS RDS does not
>> support client cert as someone has confirmed with AWS
>> https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
>>
>> Is there any way to use the cert provided by AWS to connect? AWS provides
>> a global-bundle.pem (
>> https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)
>> for such a connection, but we don't know how to include it in the config
>> file.
>>
>> Thanks
>>
>> Jacky z
>>
>> _______________________________________________
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
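
An added example, not written by anyone in this thread and not part of OpenSIPS: a small Python check that parses the tls_mgm and db_url lines quoted under "Method 1" and flags the settings that bear on whether the database server's certificate is actually validated. The function names and finding codes are hypothetical, and the reading of verify_cert (0 turns off peer verification for that domain) is an assumption.

```python
import re

# Constructed sample: the "method 1" lines quoted in the thread, with the wrapped db_url joined.
SAMPLE_CFG = '''
modparam("db_mysql", "use_tls", 1)
modparam("tls_mgm", "client_domain", "dom1")
modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
modparam("tls_mgm","verify_cert", "[dom1]0")
modparam("usrloc", "db_url", "mysql://root:1234@<awsrdsaddress>/opensips?tls_domain=dom1")
'''

MODPARAM = re.compile(r'modparam\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*,\s*"?([^")]*)"?\s*\)')
DOMAIN_VALUE = re.compile(r'^\[([^\]]+)\](.*)$')  # "[dom1]value" -> ("dom1", "value")

def parse_cfg(cfg):
    """Collect per-domain tls_mgm settings and every db_url from modparam lines."""
    domains, db_urls = {}, []
    for module, param, value in MODPARAM.findall(cfg):
        scoped = DOMAIN_VALUE.match(value)
        if module == "tls_mgm" and scoped:
            domains.setdefault(scoped.group(1), {})[param] = scoped.group(2)
        elif module == "tls_mgm" and param in ("client_domain", "server_domain"):
            domains.setdefault(value, {})["kind"] = param
        elif param == "db_url":
            db_urls.append(value)
    return domains, db_urls

def audit(cfg):
    """Return (scope, code) findings; the checks are this example's own heuristics."""
    domains, db_urls = parse_cfg(cfg)
    findings = []
    for name, p in domains.items():
        if p.get("verify_cert") == "0":
            # Assumption: verify_cert 0 disables peer verification, so ca_list is not enforced.
            findings.append((name, "SERVER_CERT_NOT_VERIFIED"))
        if p.get("certificate") and p.get("certificate") == p.get("ca_list"):
            findings.append((name, "CERTIFICATE_SAME_FILE_AS_CA_LIST"))
    for url in db_urls:
        ref = re.search(r'[?&]tls_domain=([^&]+)', url)
        if ref and ref.group(1) not in domains:
            findings.append((ref.group(1), "TLS_DOMAIN_NOT_DEFINED"))
        if re.match(r'\w+://[^:/@]+:[^@]+@', url):
            findings.append(("db_url", "PASSWORD_IN_DB_URL"))
    return findings

if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CFG):
        print(f"{scope}: {code}")
```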