[OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Liviu Chircu liviu at opensips.org
Tue Jul 28 07:54:19 CEST 2015


Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the passphrase), 
and use the resulting key in OpenSIPS? You can use the following example:

cp your_key your_key.bak
openssl rsa -in your_key -out new_key

If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:
>
> Hi.
>
>
> 1 - I have read and followed all the instructions on page 
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is 
> about how to set up TLS in OpenSIPS 2.1. Good tutorial for beginners. 
> But, there is no tutorial for it in version 2.2
>
> 2 - I have read all the instructions from page 
> http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . 
> This is the OpenSIPS TLS Module Guide.
>
>
> 3 - Considering all instructions I have learnt today, I wrote the 
> following configuration:
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> loadmodule "proto_tls.so"
>
> modparam("proto_tls","verify_cert", "1")
> modparam("proto_tls","require_cert", "0")
> modparam("proto_tls","tls_method", "tlsv1")
>
> #modparam("proto_tls","certificate", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem") # This line was generated automatically, after using the make menuconfig. It works very well.
> #modparam("proto_tls","private_key", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem") # This line was generated automatically, after using the make menuconfig. It works very well.
> #modparam("proto_tls","ca_list", "/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem") # This line was generated automatically, after using the make menuconfig. It works very well.
>
>
>  modparam("proto_tls", "certificate", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
>  modparam("proto_tls", "private_key", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem") # File also generated by me, following the tutorial. ERROR here.  What is the problem??
>  modparam("proto_tls", "ca_list", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
>  modparam("proto_tls", "ca_dir", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/") # I want to use the files generated by me, following the tutorial on how to set up TLS. No problem here.
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> 4. All paths I'm using in such configuration are real and correct.
>
>
> 5. When I try to run the OpenSIPS, I always got the error:
>
>
> Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling 
> compression due ZLIB problems
>
> ...
>
> ...
>
> Enter passphrase for 
> /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
> Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to 
> load private key file 
> '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.
>
>
> So, the file cakey.pem can't be loaded. But, I'm running the OpenSIPS 
> as a superuser.
>
>
>
> What should I check in my files to verify whether  I have made some 
> mistake?
>
> To follow the tutorial for version 2.1 and to use the version 2.2 can 
> cause troubles? In the tutorial I see "TLSv1" and in the module guide I see 
> "tlsv1". Is the script case sensitive?
>
>
> The issued file is: -rw------- 1 root root 1834 Jul 24 14:54 
> /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can it be 
> owned by root user, or must be another one?
>
>
> I have just googled this case and I found same problem for people who 
> were using wrong key file, which I think is not my case.
>
>
> Any hint will be very helpful!
>
>
> Thanks a lot!
>
>
>
> RODRIGO PIMENTA CARVALHO
> Inatel Competence Center
> Software
> Ph: +55 35 3471 9200 RAMAL 979
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
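
A pre-flight check for the situation in this thread, as an added example (not from the original posts or from OpenSIPS): it reports whether a PEM key is passphrase-protected by reading its header lines, checks that the file is accessible by its owner only, and wraps the backup and `openssl rsa` steps from the reply so the decrypted copy is created with owner-only permissions. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Classify a PEM private key by its header lines only (no key material parsed).
# Prints one of: encrypted-pkcs8 | encrypted-legacy | plain | unknown
pem_key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-legacy      # traditional format with a DEK-Info header
    elif grep -Eq -e '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo unknown               # e.g. a certificate, or not PEM at all
    fi
}

# True when group and others have no permission bits on the key file.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Back up the key, then write a passphrase-free copy that only the owner
# can read. openssl prompts for the passphrase on the terminal.
strip_passphrase() {
    case $(pem_key_state "$1") in
        encrypted-*) ;;
        *) echo "$1: not an encrypted PEM key" >&2; return 1 ;;
    esac
    cp -p "$1" "$1.bak" || return 1
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Constructed sample: header lines of a passphrase-protected key with a
# placeholder body (not real key material).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
    'Proc-Type: 4,ENCRYPTED' 'DEK-Info: DES-EDE3-CBC,0000000000000000' \
    '' 'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$demo/cakey.pem"
chmod 600 "$demo/cakey.pem"

echo "state: $(pem_key_state "$demo/cakey.pem")"
key_perms_ok "$demo/cakey.pem" && echo "permissions: owner-only"
```

A passphrase-free key is protected by file permissions alone, so run `key_perms_ok` on the new file as well before pointing `private_key` at it.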
