ms teams kamailio and opensips

Status
Not open for further replies.

andycol

Member
Jun 18, 2020
47
14
8
36
Both of them are giving me a headache with ssl certs
which ssl certs have you guys used to get it working?

as i keep getting

Sep 21 15:40:08 bitco-msteams /usr/sbin/kamailio[6896]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed


i am using a comodo ssl cert and a letsencrypt both give me the same
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,038
556
113
Letsencrypt, no problems whasoever, you using that dsiprouter as a base, if so his cacert.pem was bad, needed changing
 
  • Like
Reactions: andycol

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,038
556
113
Yes, there is a tls.cfg

Code:
#=======================================================
# This is the default server domain profile.
# Settings in this domain will be used for all incoming
# connections that do not match any other server
# domain in this configuration file.
#
# We do not enable anything else than TLSv1.2+
# over the public internet. Clients do not have
# to present client certificates by default.
#=======================================================
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/dsiprouter/certs/dsiprouter.key
certificate = /etc/dsiprouter/certs/dsiprouter.crt
ca_list = /etc/dsiprouter/certs/cacert.pem
#crl = /etc/dsiprouter/certs/tls/crl.pem

#=======================================================
# This is the default client domain profile.
# Settings in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present valid certificate.
#=======================================================
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/dsiprouter/certs/dsiprouter.key
certificate = /etc/dsiprouter/certs/dsiprouter.crt
ca_list = /etc/dsiprouter/certs/cacert.pem

#=======================================================
# Other domain profiles may be added here
#=======================================================

They are regular letsencrypt certs on mine
 

andycol

Member
Jun 18, 2020
47
14
8
36
Thanks, at the risk of sounding retarded how did you get letsencrypt certs to be .crt and not .pem
 

robvandenbulk

Member
Mar 28, 2020
82
10
8
60
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.name.berlin/privkey.pem
certificate = /etc/letsencrypt/live/sbc.name.berlin/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.name.berlin/bc2025.pem
server_name = sbc.name.berlin

[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.name.berlin/privkey.pem
certificate = /etc/letsencrypt/live/sbc.name.berlin/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.name.berlin/bc2025.pem
 
Status
Not open for further replies.