[OpenSIPS-Users] TLS client simple testing. What is a good result when handshake works?
Nabeel
nabeelshikder at gmail.com
Wed Jul 29 02:36:30 CEST 2015
Hi,
You are getting the message "self signed certificate in certificate chain"
because you haven't included your server's root certificate in the command,
with either the -CApath or the -CAfile option. For example, add the following
to the command: -CApath /etc/ssl/certs
Then the response you receive should look like the following:
Start Time: 1438129754
Timeout : 300 (sec)
Verify return code: 0 (ok)
On 28 July 2015 at 20:12, Rodrigo Pimenta Carvalho <pimenta at inatel.br>
wrote:
> Hi.
>
> I have followed the tutorial about setting up the TLS. (
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1 ). Then, I have
> run the command: "
>
> openssl s_client -showcerts -debug -connect <your-ip-address>:<port> -no_ssl2 -bugs", to test the handshake.
>
> But, what is an example of result for this command, telling me that everything is ok?
>
> I got:
>
> CONNECTED(00000003)
> ...
> ...
> ...
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ..
> ..
> ..
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1567 bytes and written 285 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1
> Cipher : AES256-SHA
> Session-ID:
> Session-ID-ctx:
> Master-Key: 90D6174E13EFDF2317B8F24D0AEBC5A56C3633D7DFC1BF8ADF186672CD9F26B5D812BE595775DFE6416C31DDE736D217
> Key-Arg : None
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1438110339
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
>
> So, did the handshake work? If not, what might be wrong?
> Any hint will be very helpful!
>
> Best Regards.
>
>
> RODRIGO PIMENTA CARVALHO
> Inatel Competence Center
> Software
> Ph: +55 35 3471 9200 RAMAL 979
>
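The question above asks whether the handshake worked, and the reply points at the verify return code; these are two separate checks. The following is an added example, not part of the original thread: a small shell function that reads saved `openssl s_client` output and reports both. The function name, the sample names and the result labels are hypothetical, and the sample outputs are constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Classify `openssl s_client` output read from stdin.
# Prints one of: verified | unverified:<code> | no-handshake
check_s_client() {
    awk '
        # "Cipher is (NONE)" means no cipher suite was negotiated.
        /^New, .*Cipher is / { cipher = $NF }
        # Final verdict line, e.g. "Verify return code: 19 (self signed ...)"
        /Verify return code:/ {
            code = $0
            sub(/.*Verify return code:[ \t]*/, "", code)
            sub(/[^0-9].*/, "", code)
        }
        END {
            if (cipher == "" || cipher == "(NONE)") { print "no-handshake"; exit }
            if (code == "0") { print "verified"; exit }
            if (code == "") code = "unknown"
            print "unverified:" code
        }'
}

# Constructed sample: handshake completed, CA not supplied (as in the question).
sample_untrusted() {
cat <<'EOF'
CONNECTED(00000003)
verify error:num=19:self signed certificate in certificate chain
verify return:0
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}
# Constructed sample: same handshake with the root CA passed via -CAfile/-CApath.
sample_trusted() {
cat <<'EOF'
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Verify return code: 0 (ok)
EOF
}
# Constructed sample: no cipher negotiated, so code 0 here proves nothing.
sample_failed() {
cat <<'EOF'
CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
    Verify return code: 0 (ok)
EOF
}
for s in sample_untrusted sample_trusted sample_failed; do
    printf '%s: %s\n' "$s" "$("$s" | check_s_client)"
done
```

By default `s_client` completes the handshake even when chain verification fails, which is why the output in the question shows a negotiated cipher alongside code 19; adding `-verify_return_error` makes it abort instead.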