[OpenSIPS-Users] TLS Error
Wang Wilson
wyhc at hotmail.com
Thu May 26 05:34:44 UTC 2022
Dear Bogdan-Andrei Iancu,
Thank you for the reply.
In fact I re-do the CA generation by following the Opensips TLS setting document (https://opensips.org/html/docs/tutorials/tls-1.4.x). From the request.conf I confirm that “default_md” is set to “sha1”. After I recopy the tls folder to the location /etc/opensips/tls and restart opensips service, it still shows the error message.
As for the log message, I like to check with you, if the previous three tls_mgm notice which tell some strange message that create such problem?
Regards
Wilson Wang
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are NOT mandatory.
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default '/etc/pki/CA/'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/opensips/tls/user/user-cert.pem'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:core:init_mod: failed to initialize module tls_mgm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220526/d8172a12/attachment.html>
More information about the Users
mailing list