[OpenSIPS-Users] root CA config file (/usr/local//etc/opensips//tls/ca.conf) does not exist

Nabeel nabeelshikder at gmail.com
Thu Jun 25 21:34:16 CEST 2015


Yes, downloading from GIT does create the TLS files correctly.

On 25 June 2015 at 13:45, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:

>  Try to grab 2.1 from the GIT repo and let me know if that works for you.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>
> On 25.06.2015 14:05, Nabeel wrote:
>
> I did not download the sources from git; I downloaded directly from the
> OpenSIPS website from this link:
> http://opensips.org/pub/opensips/latest/src/
>
> If git is more reliable, the download links should peehaps point to the
> git repositories.
>
> I am using CentOS 7, if that makes any difference.
>  On 25 Jun 2015 11:55, "Bogdan-Andrei Iancu" <bogdan at opensips.org> wrote:
>
>>  Hi,
>>
>> A fresh installation of 2.1 (sources from GIT) produces:
>>
>> $ ls -laR /tmp/opensips_test/etc/opensips/tls/
>> /tmp/opensips_test/etc/opensips/tls/:
>> total 32
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 .
>> drwx------ 3 bogdan bogdan 4096 iun 25 13:29 ..
>> -rw-r--r-- 1 bogdan bogdan 2049 iun 25 13:29 ca.conf
>> -rw-r--r-- 1 bogdan bogdan 1048 iun 25 13:29 README
>> -rw-r--r-- 1 bogdan bogdan 1127 iun 25 13:29 request.conf
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 rootCA
>> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 user
>> -rw-r--r-- 1 bogdan bogdan  591 iun 25 13:29 user.conf
>>
>> /tmp/opensips_test/etc/opensips/tls/rootCA:
>> total 28
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 .
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
>> -rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:29 cacert.pem
>> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 certs
>> -rw-r--r-- 1 bogdan bogdan  135 iun 25 13:29 index.txt
>> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 private
>> -rw-r--r-- 1 bogdan bogdan    3 iun 25 13:30 serial
>>
>> /tmp/opensips_test/etc/opensips/tls/rootCA/certs:
>> total 12
>> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
>> -rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 01.pem
>>
>> /tmp/opensips_test/etc/opensips/tls/rootCA/private:
>> total 12
>> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:30 ..
>> -rw-r--r-- 1 bogdan bogdan 1834 iun 25 13:30 cakey.pem
>>
>> /tmp/opensips_test/etc/opensips/tls/user:
>> total 24
>> drwxrwxr-x 2 bogdan bogdan 4096 iun 25 13:30 .
>> drwxrwxr-x 4 bogdan bogdan 4096 iun 25 13:29 ..
>> -rw-r--r-- 1 bogdan bogdan 1338 iun 25 13:30 user-calist.pem
>> -rw-r--r-- 1 bogdan bogdan 3023 iun 25 13:30 user-cert.pem
>> -rw-r--r-- 1 bogdan bogdan  530 iun 25 13:30 user-cert_req.pem
>> -rw-r--r-- 1 bogdan bogdan  526 iun 25 13:30 user-privkey.pem
>>
>>
>> All the TLS files seems to be in place. For 2.1 there is no specific
>> switch for TLS, it is by default present, there is not need for extra
>> options or env variables. Just to "make install"
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>>
>> On 25.06.2015 03:03, Nabeel wrote:
>>
>> I just installed version 1.11.5 of OpenSIPS and this version does have
>> all the TLS files included.  I should have downloaded this version all
>> along because version 2.1 clearly needs to be fixed.
>>
>> On 25 June 2015 at 00:36, Nabeel <nabeelshikder at gmail.com> wrote:
>>
>>> Where are the 'example' openssl certificates as mentioned in the link
>>> above?  In the source files folder, there is no /etc/tls folder, and there
>>> are no example certificates in the [source]/examples folder either.
>>>
>>> On 25 June 2015 at 00:26, Nabeel <nabeelshikder at gmail.com> wrote:
>>>
>>>> I tried installing OpenSIPS two more times, once through the menuconfig
>>>> interface with TLS enabled, and another time with "TLS=1 make install"
>>>> command.  Both times, the /etc/opensips/tls directory only has empty
>>>> directories, with no files inside.  The following directories are created
>>>> with no files inside:
>>>>
>>>>  [installdirectory]/etc/opensips/tls
>>>>  [installdirectory]/etc/opensips/tls/rootCA
>>>>  [installdirectory]/etc/opensips/tls/user
>>>>  [installdirectory]/etc/opensips/tls/rootCA/certs
>>>>  [installdirectory]/etc/opensips/tls/rootCA/private
>>>>
>>>>  All these directories are empty?  Is this normal?
>>>>
>>>>  At the following link I see someone refer to an OpenSIPS source which
>>>> has tls included "opensips-1.9.1-tls".  Is this a specific source
>>>> tarball with TLS enabled?  Is there one for version 2.1?
>>>>
>>>>
>>>> https://github.com/antonraharja/book-opensips-101/blob/master/content/3.2.%20SIP%20TLS%20Secure%20Calling.mediawiki
>>>>
>>>>
>>>>
>>>> On 24 June 2015 at 15:30, Bogdan-Andrei Iancu <bogdan at opensips.org>
>>>> wrote:
>>>>
>>>>>  Hi,
>>>>>
>>>>> What OpenSIPS version do you have ? also, note that you need also to
>>>>> install OpenSIPS with the TLS option on, otherwise the tls directory will
>>>>> not be created.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>>>>>
>>>>>  On 24.06.2015 17:14, Nabeel wrote:
>>>>>
>>>>>  # opensipsctl tls rootCA
>>>>> ERROR: root CA config file (/usr/local//etc/opensips//tls/ca.conf)
>>>>> does not exist
>>>>>
>>>>> In fact,  that whole tls directory is empty,  even though my OpenSIPS
>>>>> instance has been compiled with tls support.   Where can I download the CA
>>>>> files?
>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150625/57598c87/attachment-0001.htm>


More information about the Users mailing list