tls CA certification

Postby jj_chiou » Wed Oct 08, 2014 7:29 pm

Hello guys:

I followed the O'Reilly book guide http://www.asteriskdocs.org/en/3rd_Edit ... index.html for the TLS peering test in chapter 7.

Why is there a different error message, and what error is happening?

Thank you
for the following error messages (I set tlsdontverifyserver=yes):

server A :
SSL CA file(/var/lib/asterisk/keys/ca.crt)/path() error
SSL certificate ok
[Oct 9 09:23:04] WARNING[29940]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
[Oct 9 09:23:18] WARNING[29943]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

ServerB:
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Oct 9 09:25:24] WARNING[27002]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
jj_chiou
Newsterisk
 
Posts: 27
Joined: Thu Oct 27, 2005 3:18 am

Re: tls CA certification

Postby jj_chiou » Wed Oct 08, 2014 8:55 pm

More detailed information:

TLS certification failure

Sip.conf

server A :

tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
; Remember that the IP address must match the common name (hostname) in the
; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
; For details how to construct a certificate for SIP see

transport=tls ; http://tools.ietf.org/html/draft-ietf-sip-domain-certs
tlscertfile=</var/lib/asterisk/keys/serverB.pem>
tlscafile=</var/lib/asterisk/keys/ca.crt>
tlsdontverifyserver=[yes]





serverB:


tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
transport=tls ; Set the default transports. The order determines the primary default transport.
; If tcpenable=no and the transport set is tcp, we will fallback to UDP.


tlscertfile=</var/lib/asterisk/keys/serverB.pem>
tlscafile=</var/lib/asterisk/keys/ca.crt>
tlsdontverifyserver=[yes]


Error message :

ServerA:

SSL CA file(</var/lib/asterisk/keys/ca.crt>)/path() error
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Oct 9 10:49:01] WARNING[30633]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
[Oct 9 10:49:11] WARNING[30634]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

serverB:

SSL CA file(</var/lib/asterisk/keys/ca.crt>)/path() error
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Oct 9 10:50:49] WARNING[27668]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
[Oct 9 10:50:53] WARNING[27669]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
jj_chiou
Newsterisk
 
Posts: 27
Joined: Thu Oct 27, 2005 3:18 am
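
A pre-flight check for the TLS options in the sip.conf posted above, as an added example that is not part of the original thread and is not Asterisk code. It flags values still wrapped in <...> or [...] (treated here as placeholder notation, an assumption of this example), certificate and CA paths that cannot be read as written, and tlsdontverifyserver=yes; the names lint_sip_tls, parse_options and SAMPLE are hypothetical.

```python
import os
import re

# Options from the posted sip.conf whose values must be readable files.
PATH_OPTIONS = ("tlscertfile", "tlscafile")
# <...> or [...] around a value is placeholder notation, not part of the value.
PLACEHOLDER = re.compile(r"^[<\[].*[>\]]$")

# The TLS lines from the post above (comments shortened).
SAMPLE = """\
tlsenable=yes ; Enable server for incoming TLS (secure) connections
tlsbindaddr=0.0.0.0
transport=tls
tlscertfile=</var/lib/asterisk/keys/serverB.pem>
tlscafile=</var/lib/asterisk/keys/ca.crt>
tlsdontverifyserver=[yes]
"""


def parse_options(text):
    """Return {option: value} for key=value lines, dropping ';' comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            options[key.strip().lower()] = value.strip()
    return options


def lint_sip_tls(text, readable=lambda path: os.access(path, os.R_OK)):
    """Return (option, finding) tuples for the tls* options in text."""
    findings = []
    for key, value in parse_options(text).items():
        if not key.startswith("tls"):
            continue
        bare = value
        if PLACEHOLDER.match(value):
            findings.append((key, "value wrapped in placeholder brackets"))
            bare = value[1:-1]
        # The path is tested exactly as written, brackets included.
        if key in PATH_OPTIONS and not readable(value):
            findings.append((key, "file not readable at configured path"))
        if key == "tlsdontverifyserver" and bare.lower() == "yes":
            findings.append((key, "asks to skip server certificate checks"))
    return findings


if __name__ == "__main__":
    for option, finding in lint_sip_tls(SAMPLE):
        print(f"{option}: {finding}")
```

Run it as the user the Asterisk process runs as, so the readability check reflects the permissions the process actually has.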

Re: tls CA certification

Postby jj_chiou » Thu Oct 09, 2014 12:57 am

I changed the configuration again and recreated the CA, because I referred to the document

https://techlib.barracuda.com/display/b ... +sip+proxy

Recreated the CA and pem files with the IP (-C 192.168.x.x).

It changed the error message, and it made me crazy.

SSL certificate ok
[Oct 9 14:54:30] ERROR[30433]: tcptls.c:220 handle_tcptls_connection: Certificate did not verify: certificate signature failure
SSL certificate ok
jj_chiou
Newsterisk
 
Posts: 27
Joined: Thu Oct 27, 2005 3:18 am

Re: tls CA certification

Postby jj_chiou » Thu Oct 09, 2014 1:22 am

Hello:

Thanks! I have solved the problem!

Best regards
jj_chiou
Newsterisk
 
Posts: 27
Joined: Thu Oct 27, 2005 3:18 am

Re: tls CA certification

Postby dbangia » Tue Oct 27, 2015 2:40 am

Hi JJ,

I am also observing the same error in my Asterisk. Can you please share your steps to resolve this problem?

[Oct 27 13:35:02] WARNING[3663]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

Regards,
Dhiraj Bangia
dbangia
Newsterisk
 
Posts: 1
Joined: Tue Oct 27, 2015 2:37 am

