[OpenSIPS-Users] TLS client simple testing. What is a good result when handshake works?
nabeelshikder at gmail.com
Wed Jul 29 02:36:30 CEST 2015
You are getting the message "self signed certificate in certificate chain"
because you haven't included your server's root certificate in the command,
with either -CApath or -CAfile option, for example add the following to the
command: -CApath /etc/ssl/certs
Then the response you receive should look like the following:
Start Time: 1438129754
Timeout : 300 (sec)
Verify return code: 0 (ok)
On 28 July 2015 at 20:12, Rodrigo Pimenta Carvalho <pimenta at inatel.br>
> I have followed the tutorial about setting up the TLS. (
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1 ). Then, I have
> run the command: "
> openssl s_client -showcerts -debug -connect <your-ip-address>:<port> -no_ssl2 -bugs", to test the handshake.
> But, what is an example of result for this command, telling me that everything is ok?
> I got:
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> No client certificate CA names sent
> SSL handshake has read 1567 bytes and written 285 bytes
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> Protocol : TLSv1
> Cipher : AES256-SHA
> Master-Key: 90D6174E13EFDF2317B8F24D0AEBC5A56C3633D7DFC1BF8ADF186672CD9F26B5D812BE595775DFE6416C31DDE736D217
> Key-Arg : None
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1438110339
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
> So, did the handshake work? If not, what might be wrong?
> Any hint will be very helpful!
> Best Regards.
> RODRIGO PIMENTA CARVALHO
> Inatel Competence Center
> Ph: +55 35 3471 9200 RAMAL 979
> Users mailing list
> Users at lists.opensips.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users