[OpenSIPS-Users] root CA config file (/usr/local//etc/opensips//tls/ca.conf) does not exist

Nabeel nabeelshikder at gmail.com
Thu Jun 25 13:05:08 CEST 2015


I did not download the sources from git; I downloaded directly from the
OpenSIPS website from this link:
http://opensips.org/pub/opensips/latest/src/

If git is more reliable, the download links should peehaps point to the git
repositories.

I am using CentOS 7, if that makes any difference.
 On 25 Jun 2015 11:55, "Bogdan-Andrei Iancu" <bogdan at opensips.org> wrote:

>  Hi,
>
> A fresh installation of 2.1 (sources from GIT) produces:
>
> $ ls -laR /tmp/opensips_test/etc/opensips/tls/
> /tmp/opensips_test/etc/opensips/tls/:
> total 32
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 .
> drwx------ 3 bogdan bogdan 4096 iun 25 13:29 ..
> -rw-r--r-- 1 bogdan bogdan 2049 iun 25 13:29 ca.conf
> -rw-r--r-- 1 bogdan bogdan 1048 iun 25 13:29 README
> -rw-r--r-- 1 bogdan bogdan 1127 iun 25 13:29 request.conf
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 rootCA
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 user
> -rw-r--r-- 1 bogdan bogdan  591 iun 25 13:29 user.conf
>
> /tmp/opensips_test/etc/opensips/tls/rootCA:
> total 28
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
> -rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:29 cacert.pem
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 certs
> -rw-r--r-- 1 bogdan bogdan  135 iun 25 13:29 index.txt
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 private
> -rw-r--r-- 1 bogdan bogdan    3 iun 25 13:30 serial
>
> /tmp/opensips_test/etc/opensips/tls/rootCA/certs:
> total 12
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
> -rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 01.pem
>
> /tmp/opensips_test/etc/opensips/tls/rootCA/private:
> total 12
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
> -rw-r--r-- 1 bogdan bogdan 1834 iun 25 13:30 cakey.pem
>
> /tmp/opensips_test/etc/opensips/tls/user:
> total 24
> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
> -rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:30 user-calist.pem
> -rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 user-cert.pem
> -rw-r--r-- 1 bogdan bogdan  530 iun 25 13:30 user-cert_req.pem
> -rw-r--r-- 1 bogdan bogdan  526 iun 25 13:30 user-privkey.pem
>
>
> All the TLS files seems to be in place. For 2.1 there is no specific
> switch for TLS, it is by default present, there is not need for extra
> options or env variables. Just to "make install"
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>
> On 25.06.2015 03:03, Nabeel wrote:
>
> I just installed version 1.11.5 of OpenSIPS and this version does have all
> the TLS files included.  I should have downloaded this version all along
> because version 2.1 clearly needs to be fixed.
>
> On 25 June 2015 at 00:36, Nabeel <nabeelshikder at gmail.com> wrote:
>
>> Where are the 'example' openssl certificates as mentioned in the link
>> above?  In the source files folder, there is no /etc/tls folder, and there
>> are no example certificates in the [source]/examples folder either.
>>
>> On 25 June 2015 at 00:26, Nabeel <nabeelshikder at gmail.com> wrote:
>>
>>> I tried installing OpenSIPS two more times, once through the menuconfig
>>> interface with TLS enabled, and another time with "TLS=1 make install"
>>> command.  Both times, the /etc/opensips/tls directory only has empty
>>> directories, with no files inside.  The following directories are created
>>> with no files inside:
>>>
>>>  [installdirectory]/etc/opensips/tls
>>>  [installdirectory]/etc/opensips/tls/rootCA
>>>  [installdirectory]/etc/opensips/tls/user
>>>  [installdirectory]/etc/opensips/tls/rootCA/certs
>>>  [installdirectory]/etc/opensips/tls/rootCA/private
>>>
>>>  All these directories are empty?  Is this normal?
>>>
>>>  At the following link I see someone refer to an OpenSIPS source which
>>> has tls included "opensips-1.9.1-tls".  Is this a specific source
>>> tarball with TLS enabled?  Is there one for version 2.1?
>>>
>>>
>>> https://github.com/antonraharja/book-opensips-101/blob/master/content/3.2.%20SIP%20TLS%20Secure%20Calling.mediawiki
>>>
>>>
>>>
>>> On 24 June 2015 at 15:30, Bogdan-Andrei Iancu <bogdan at opensips.org>
>>> wrote:
>>>
>>>>  Hi,
>>>>
>>>> What OpenSIPS version do you have ? also, note that you need also to
>>>> install OpenSIPS with the TLS option on, otherwise the tls directory will
>>>> not be created.
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>>>>
>>>>  On 24.06.2015 17:14, Nabeel wrote:
>>>>
>>>>  # opensipsctl tls rootCA
>>>> ERROR: root CA config file (/usr/local//etc/opensips//tls/ca.conf) does
>>>> not exist
>>>>
>>>> In fact,  that whole tls directory is empty,  even though my OpenSIPS
>>>> instance has been compiled with tls support.   Where can I download the CA
>>>> files?
>>>>
>>>>
>>>>  _______________________________________________
>>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>>
>>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150625/d753d3b5/attachment-0001.htm>


More information about the Users mailing list