[OpenSIPS-Users] Problems reloading TLS certs.
Bogdan-Andrei Iancu
bogdan at opensips.org
Thu Nov 20 10:29:45 UTC 2025
Hi Ryan,
Should I understand that the version here
https://github.com/OpenSIPS/opensips/pull/3760 is a fairly final,
working one?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 15.11.2025 01:07, Ryan Bullock wrote:
> Initial testing looks ok. You can see the patchset here
> https://github.com/rrb3942/opensips/tree/tls_mgm_reload
>
>
> On Thu, Nov 13, 2025 at 3:56 PM Matthew Schumacher <schu at schu.net> wrote:
>
> That’s helpful. If you message me the patch when you have it, I
> can help test.
>
>> On Nov 13, 2025, at 9:39 AM, Ryan Bullock <rrb3942 at gmail.com> wrote:
>>
>>
>> Hey Matt,
>>
>> OpenSIPS currently only supports tls_reload for domains managed
>> in a database. Coincidentally I started a patch set earlier this
>> week to allow reloading the keys, certificates, etc for domains
>> defined in the config script. No ETA on a pull request yet, it is
>> still in testing mode.
>>
>> On Wed, Nov 12, 2025 at 10:00 PM Matthew Schumacher
>> <schu at schu.net> wrote:
>>
>> Hello All,
>>
>> I have a 3.2 server where I can't reload certs. Is this because I'm not
>> storing the certs in a database? How can I work around this? The server
>> is never idle enough for me to restart and my cert expires in a few
>> days. Am I forced to kick people off to restart? Also, is there a way
>> to tell opensips to not accept any new calls? I'm not sure how much that
>> will help, but it would be good to know.
>>
>> Thanks!
>>
>>
>> root@sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg -x mi tls_reload
>> ERROR: command 'tls_reload' returned: 500: DB url not set
>>
>> root@sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg -x mi tls_list
>> {
>>     "Domains": [
>>         {
>>             "name": "client",
>>             "type": "TLS_DOMAIN_CLI",
>>             "IP ADDRESS FILTERS": [
>>                 "*"
>>             ],
>>             "SIP DOMAIN FILTERS": [
>>                 "*"
>>             ],
>>             "METHOD": "TLSv1_2",
>>             "VERIFY_CERT": true,
>>             "REQ_CLI_CERT": false,
>>             "CRL_CHECKALL": false,
>>             "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",
>>             "CRL_DIR": "",
>>             "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
>>             "CA_DIR": "/etc/pki/CA/",
>>             "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",
>>             "CIPHER_LIST": "",
>>             "DH_PARAMS_FILE": "",
>>             "EC_CURVE": ""
>>         },
>>         {
>>             "name": "server",
>>             "type": "TLS_DOMAIN_SRV",
>>             "IP ADDRESS FILTERS": [
>>                 "x.x.x.x:5061",
>>                 "y.y.y.y:5061"
>>             ],
>>             "SIP DOMAIN FILTERS": [
>>                 "*"
>>             ],
>>             "METHOD": "TLSv1_2",
>>             "VERIFY_CERT": false,
>>             "REQ_CLI_CERT": true,
>>             "CRL_CHECKALL": false,
>>             "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",
>>             "CRL_DIR": "",
>>             "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
>>             "CA_DIR": "/etc/pki/CA/",
>>             "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",
>>             "CIPHER_LIST": "ALL:!aNULL:!eNULL:!MD5:!RC4",
>>             "DH_PARAMS_FILE": "",
>>             "EC_CURVE": ""
>>         }
>>     ]
>> }
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
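An added example, not part of the thread or of the OpenSIPS code: when `tls_reload` is unavailable for script-defined domains, the `tls_list` output quoted above still shows which `CERT_FILE` each TLS domain uses, so the on-disk certificates can be checked for upcoming expiry and a restart window planned. The function names, the 14-day threshold and the sample JSON are assumptions made for this sketch; it expects the `openssl` CLI on the host.

```python
import json
import subprocess
from datetime import datetime, timezone

# Constructed sample: same field names as the tls_list output in the thread, made-up paths.
SAMPLE_TLS_LIST = """
{"Domains": [
  {"name": "client", "type": "TLS_DOMAIN_CLI", "CERT_FILE": "/etc/ssl/certs/example.crt"},
  {"name": "server", "type": "TLS_DOMAIN_SRV", "CERT_FILE": "/etc/ssl/certs/example.crt"}
]}
"""

def cert_paths(tls_list_json):
    """Map each distinct CERT_FILE to the names of the TLS domains that use it."""
    usage = {}
    for dom in json.loads(tls_list_json).get("Domains", []):
        if dom.get("CERT_FILE"):
            usage.setdefault(dom["CERT_FILE"], []).append(dom.get("name", "?"))
    return usage

def parse_not_after(line):
    """Parse `openssl x509 -noout -enddate` output, e.g. 'notAfter=Dec  5 12:00:00 2025 GMT'."""
    stamp = line.strip().split("=", 1)[1]
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def days_left(not_after, now=None):
    """Whole days until expiry (negative once the certificate has expired)."""
    return (not_after - (now or datetime.now(timezone.utc))).days

def openssl_enddate(path):
    """Read the notAfter line of an on-disk certificate with the openssl CLI."""
    return subprocess.run(["openssl", "x509", "-noout", "-enddate", "-in", path],
                          check=True, capture_output=True, text=True).stdout

def report(tls_list_json, enddate_of=openssl_enddate, warn_days=14, now=None):
    """Return (cert_path, domains, days_left, needs_action) rows, soonest expiry first."""
    rows = []
    for path, domains in cert_paths(tls_list_json).items():
        left = days_left(parse_not_after(enddate_of(path)), now)
        rows.append((path, domains, left, left < warn_days))
    return sorted(rows, key=lambda r: r[2])

if __name__ == "__main__":
    # Constructed notAfter value stands in for openssl so the demo runs offline.
    fake = lambda path: "notAfter=Nov 25 12:00:00 2025 GMT\n"
    for path, domains, left, act in report(SAMPLE_TLS_LIST, fake,
                                           now=datetime(2025, 11, 20, tzinfo=timezone.utc)):
        print(f"{path} ({', '.join(domains)}): {left} days left{' <-- renew/restart' if act else ''}")
```

On a real host, feed `report()` the JSON printed by `opensips-cli -x mi tls_list` and leave `enddate_of` at its default. The result describes the files on disk, which is what the process will load at its next start, not necessarily what it is serving now.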