[OpenSIPS-Users] TLS verify client

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Jan 4 17:40:16 UTC 2023 

Right, but in the new cfg you should have


modparam("tls_mgm", "require_cert", "[dom2]0")

and not "1"

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Bootcamp 5-16 Dec 2022, online
   https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/

On 1/4/23 2:59 AM, L S wrote:
> Hi Bogdan,
>
> This worked for us:
>
> server verify_cert=0
> server require_cert=1
> client verify_cert=1
> client require_cert=1
>
> Thanks.
>
> On Tue, Jan 3, 2023, 2:07 PM Bogdan-Andrei Iancu <bogdan at opensips.org 
> <mailto:bogdan at opensips.org>> wrote:
>
>     Hi Matt,
>
>     I guess the "require_cert" should 0 for both domains, right ?
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>
>     OpenSIPS Founder and Developer
>        https://www.opensips-solutions.com  <https://www.opensips-solutions.com>
>     OpenSIPS Bootcamp 5-16 Dec 2022, online
>        https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/  <https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/>
>
>     On 12/23/22 9:55 PM, L S wrote:
>>     Hi,
>>     We are upgrading from 1.11.5 tls to 3.2.9. In 1.11 we had issues
>>     with the client certificate so we had to set the following:
>>
>>     # 1.11 parameters
>>     tls_verify_server = 1
>>     tls_verify_client = 0 tls_require_client_certificate = 0
>>
>>     TLS works fine for us with those settings. Now we are trying to
>>     migrate them to 3.2.9 and having issues. Just wanted to confirm
>>     if the following is correct way to migrate those parameters to
>>     3.2? (Just included those parameters - the domains are set up
>>     correctly)
>>
>>     Server domain
>>     modparam("tls_mgm", "verify_cert", "[dom1]0")
>>     modparam("tls_mgm", "require_cert", "[dom1]0")
>>
>>     Client domain
>>     modparam("tls_mgm", "verify_cert", "[dom2]1")
>>     modparam("tls_mgm", "require_cert", "[dom2]1")
>>
>>     Thanks,
>>     Matt
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users  <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230104/ce466cec/attachment.html>

More information about the Users mailing list