[Users] "client did not present a certificate"(OpenSER 1.2 + EyeBeam 1.5 + TLS) !! need help!!

Bodin Bruno bbodin01 at univ-lr.fr
Mon Mar 26 14:15:04 CEST 2007


yanlin a écrit :
> Hi, all,
> i have been trying to test TLS support on OpenSER with EyeBeam client,
> but in no vain.
> OpenSER keep complaining that "client did not present a certificate".
> really need help! thanks in advance.
> here is some info of my environment:
> 1) OpenSER 1.2 and EyeBeam 1.5
> 2) run "openserctl tls rootCA", create "cacert.pem" under
> /etc/openser/tls/rootCA/.
> 3) run "openserctl tls userCERT", create "user-calist.pem
> user-cert.pem user-cert_req.pem user-privkey.pem" under
> /etc/openser/tls/user/.
> 4) i have set openser.cfg as follow:
> disable_tls = 0
> listen = tls:172.22.14.61:5061
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate = /etc/openser/tls/user/user-cert.pem"
> tls_private_key = "/etc/openser/tls/user/user-privkey.pem"
> tls_ca_list = "/etc/openser/tls/user/user-calist.pem"
> 5) copy "/etc/openser/tls/rootCA/cacert.pem" created at step 2) to
> EyeBeam clinet machine, which was a Windows XP machine, run
> "certmrg.msc" there, import this certificate to WindowXP "root
> certificate store".
> when run ... error occur. OpenSER complaint that "client did not
> present a certificate", and EyeBeam receive a "503 certificate name
> mismath".
> Any advise will be very appreciate !!
> yan lin
> yanlin at fortinet.com <mailto:yanlin at fortinet.com>
> 2007-3-26
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>   
Your error mean your don't use good certificat for client.
In openser tarball, try to use tls/tools/gen_XXX.sh script, with good
config file (Read README). That worked for me.

good Luck




More information about the Users mailing list