[OpenSIPS-Users] TLS Error

Andrew Colin andrewd.colin at gmail.com
Thu Sep 17 13:32:51 EST 2020


yes but why as that path is correct
and permissions etc are all fine

On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq <Johan at democon.be> wrote:

> it seems to me that it can't load your certificate.
>
> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <andrewd.colin at gmail.com
> >:
>
>> Hi Guys
>>
>> I am trying to get tls to work but getting some errors.
>> i am using letsencrypt and opensips 3.1
>>
>> my config is
>>
>> loadmodule "proto_tls.so"
>>
>>
>> loadmodule "tls_mgm.so"
>>
>>
>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>
>>
>> modparam("tls_mgm", "server_domain", "dom1")
>>
>> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>>
>> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>>
>>
>>
>> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>>
>> modparam("tls_mgm", "verify_cert", "[dom1]1")
>>
>> modparam("tls_mgm", "require_cert", "[dom1]1")
>>
>> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/
>> mydomain.co.uk/cert.pem")
>>
>> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/
>> mydomain.co.uk/privkey.pem")
>>
>> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/
>> mydomain.co.uk/cert.pem")
>>
>> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/
>> bmydomain.co.uk")
>>
>>
>>
>> but i get this error
>>
>>
>>
>> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
>> certificates are mandatory.
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> ERROR:tls_mgm:load_certificate: unable to load certificate file
>> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
>> failed to initialize module tls_mgm
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
>> while initializing modules
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
>> Exiting....
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200917/a9047897/attachment-0001.html>


More information about the Users mailing list