[OpenSIPS-Users] TLS Error

[Wang Wilson]

Dear Bogdan-Andrei Iancu,

Thank you for the reply.

In fact I re-do the CA generation by following the Opensips TLS setting document (https://opensips.org/html/docs/tutorials/tls-1.4.x). From the request.conf I confirm that “default_md” is set to “sha1”. After I recopy the tls folder to the location /etc/opensips/tls and restart opensips service, it still shows the error message.

As for the log message, I like to check with you, if the previous three tls_mgm notice which tell some strange message that create such problem?

Regards
Wilson Wang

May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are NOT mandatory.
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default '/etc/pki/CA/'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/opensips/tls/user/user-cert.pem'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:core:init_mod: failed to initialize module tls_mgm


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220526/d8172a12/attachment.html>