[OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Liviu Chircu liviu at opensips.org
Tue Jul 28 15:50:11 CEST 2015


Usually between 7 - 14 days, with the occasional exceptions.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 16:42, Rodrigo Pimenta Carvalho wrote:
>
> Hi Liviu.
>
>
> I have just investigated a bit more about the issue.
>
>
> The problem is related to the creation of the files (following the 
> tutorial on page 
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1). 
> <http://www.opensips.org/Documentation/Tutorials-TLS-2-1> There is no 
> problem to read the files (read CAKey or cert files)
>
> I have concluded it because I replaced the OpenSIPS certificate files 
> by others that I had generated in 2014 using another tutorial.
>
>
> Ok. I will open a GitHub ticket now.
>
>
> We are working in a project that will have to use OpenSIPS 2.2. Do you 
> know, in an average, how long does it take to have a new ticket solved 
> and closed?
>
>
> Thank you very much for pointing the way of opening a Github ticket!
>
>
> RODRIGO PIMENTA CARVALHO
> Inatel Competence Center
> Software
> Ph: +55 35 3471 9200 RAMAL 979
> ------------------------------------------------------------------------
> *De:* users-bounces at lists.opensips.org 
> <users-bounces at lists.opensips.org> em nome de Liviu Chircu 
> <liviu at opensips.org>
> *Enviado:* terça-feira, 28 de julho de 2015 10:30
> *Para:* users at lists.opensips.org
> *Assunto:* Re: [OpenSIPS-Users] Unable to load my private key file 
> (TLS) in OpenSIPS 2.2. What should I check? Default example worked.
> Hi Rodrigo,
>
> It's just a web portal, you can find it here [1]. Register a new 
> account, open a new issue, describe/explain it as best as you can, and 
> we'll do our best to have it fixed and buried! Many thanks!
>
> [1]: 
> https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug
>
> Best regards,
> Liviu Chircu
> OpenSIPS Developer
> http://www.opensips-solutions.com
> On 28.07.2015 15:56, Rodrigo Pimenta Carvalho wrote:
>>
>> Hi Liviu.
>>
>>
>> Your hint has worked.
>>
>> So, could you send me the instructions on how to open a GitHub 
>> ticket? I still don't know how to open this, because I'm new on Git.
>>
>> While you send me the instructions, I will try to use old certificate 
>> files that I have since 2014, just to see if the issue is about 
>> reading or creating the files via OpenSIPS.
>>
>>
>> Many thanks.
>>
>>
>> RODRIGO PIMENTA CARVALHO
>> Inatel Competence Center
>> Software
>> Ph: +55 35 3471 9200 RAMAL 979
>> ------------------------------------------------------------------------
>> *De:* users-bounces at lists.opensips.org 
>> <users-bounces at lists.opensips.org> em nome de Liviu Chircu 
>> <liviu at opensips.org>
>> *Enviado:* terça-feira, 28 de julho de 2015 02:54
>> *Para:* users at lists.opensips.org
>> *Assunto:* Re: [OpenSIPS-Users] Unable to load my private key file 
>> (TLS) in OpenSIPS 2.2. What should I check? Default example worked.
>> Hi Rodrigo,
>>
>> Could you try to decrypt the key manually (i.e. remove the 
>> passphrase), and use the resulting key in OpenSIPS? You can use the 
>> following example:
>>
>> cp your_keyyour_key.bak
>> openssl rsa -inyour_key  -out new_key
>> If this works for you, could you please open a GitHub ticket? Many 
>> thanks!
>>
>> Best regards,
>> Liviu Chircu
>> OpenSIPS Developer
>> http://www.opensips-solutions.com
>> On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:
>>>
>>> Hi.
>>>
>>>
>>> 1 - I have read and followed all the instructions on page 
>>> http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is 
>>> about how to set up TLS in OpenSIPS 2.1. Good tutorial for 
>>> beginners. But, there is no tutorial for it in version 2.2
>>>
>>> 2 - I have read all the instructions from page 
>>> http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . 
>>> This is the OpenSIPS TLS Module Guide.
>>>
>>>
>>> 3 - Considering all instructions I have learnt today, I wrote the 
>>> following configuration:
>>>
>>>
>>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>
>>>
>>> loadmodule "proto_tls.so"
>>>
>>> modparam("proto_tls","verify_cert", "1")
>>> modparam("proto_tls","require_cert", "0")
>>> modparam("proto_tls","tls_method", "tlsv1")
>>>
>>> #modparam("proto_tls","certificate", 
>>> "/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")     
>>>        # This line was generated automatically, after using the make 
>>> menuconfig. It works very well.
>>> #modparam("proto_tls","private_key", 
>>> "/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem") 
>>>      # This line was generated automatically, after using the make 
>>> menuconfig. It works very well.
>>> #modparam("proto_tls","ca_list", 
>>> "/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem") # 
>>> This line was generated automatically, after using the make 
>>> menuconfig. It works very well.
>>>
>>>
>>>  modparam("proto_tls", "certificate", 
>>> "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")             
>>>     # I want to use the files generated by me, following the 
>>> tutorial on how to set up TLS. No problem here.
>>>  modparam("proto_tls", "private_key", 
>>> "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")       
>>>   # File also generated by me, following the tutorial. ERROR here.  
>>> What is the problem??
>>>  modparam("proto_tls", "ca_list", 
>>> "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to 
>>> use the files generated by me, following the tutorial on how to set 
>>> up TLS. No problem here.
>>>  modparam("proto_tls", "ca_dir", 
>>> "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/")                       
>>>     # I want to use the files generated by me, following the 
>>> tutorial on how to set up TLS. No problem here.
>>>
>>>
>>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>
>>>
>>> 4. All paths I'm using in such configuration are real and correct.
>>>
>>>
>>> 5. When I try to run the OpenSIPS, I always got the erro:
>>>
>>>
>>> Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling 
>>> compression due ZLIB problems
>>>
>>> ...
>>>
>>> ...
>>>
>>> Enter passphrase for 
>>> /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
>>> Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to 
>>> load private key file 
>>> '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.
>>>
>>>
>>> So, the file cakey.pem cann't be loaded. But, I'm running the 
>>> OpenSIPS as a superuser.
>>>
>>>
>>>
>>> What should I check in my files to verify whether I have made some 
>>> mistake?
>>>
>>> To follow the tutorial for version 2.1 and to use the version 2.2 
>>> can cause troubles? I tutorial I see "TLSv1" and in the module guide 
>>> I see "tlsv1". Is the script case sensitive?
>>>
>>>
>>> The issued file is: -rw------- 1 root root 1834 Jul 24 14:54 
>>> /home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can it 
>>> be owned by root user, or must be another one?
>>>
>>>
>>> I have just googled this case and I found same problem for people 
>>> who was using wrong key file, which I think is not my case.
>>>
>>>
>>> Any hint will be very helpful!
>>>
>>>
>>> Thanks a lot!
>>>
>>>
>>>
>>> RODRIGO PIMENTA CARVALHO
>>> Inatel Competence Center
>>> Software
>>> Ph: +55 35 3471 9200 RAMAL 979
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150728/9a8d52d8/attachment.htm>


More information about the Users mailing list