< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate

From: Ryan Kereliuk <ryker@xxxxxxxxx>
Date: Wed, 2 May 2007 06:21:18 -0600

Have a look at the code in Security.cxx - the expected directories and
file names are documented in the code there.  The exact location depends
on what platform you're using.  Try $HOME/.sipCerts/root_cert_blah.pem.

Thanks,
-Ryan

On 2007-05-02 at 10h15, Kundan Kumar wrote:
> hi...
> yeah.. I am using root certificate in PEM format as cacert.pem at
> /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> Actually I have given the path for the certs also @
> /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
> resiprocate looking for the exact path for the root CA certificate for
> verification of Server certificate. Correct me if I am wrong.
> 
> The following message is being seen in my logs....
> =====================================================================
> 
> Error whennnnnnnn verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> ilnCode = 0
> TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
> Couldn't TLS connect
> 
> =====================================================================
> 
> I will be very much obliged at your kind n earliest response....
> 
> 
> Thanks and regards,
> Kundan.
> 
> 
> On 5/1/07, Ryan Kereliuk <ryker@xxxxxxxxx> wrote:
> >
> >Are you sure you have the root certificate in PEM format in a location
> >that resiprocate is looking at?  If you enable DebugLog logging, do you
> >see a message like "Trying to load file <your_root_cert_file>"?
> >
> >Thanks,
> >-Ryan
> >
> >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> >>
> >> While attempting TLS connection  through resiprocate  with  openSER
> >server
> >> ...giving  following errors:
> >> =======================================================================
> >> Error when verifying server's chain of certificates: unable to get local
> >> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> >> ========================================================================
> >>
> >> I generated root certificate using openssl and modified openssl.cnfplaced
> >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I
> >have
> >> added the cacert.pem at the resiprocate client  also.
> >>
> >> Can anyone help me regarding above problem??
> >
> 
> 
> 
> -- 
> KUNDAN KUMAR.....

Follow-Ups:
- Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate
  - From: Scott Godin

References: