< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate

From: "Scott Godin" <slgodin@xxxxxxxxxxxx>
Date: Thu, 3 May 2007 08:12:56 -0400

Assuming from the CN=OpenSER that this is a certificate presented from OpenSER….

You must have the RootCA certificate of the CA that created the OpenSER certificate present in the correct directory for resip. Resip is failing to verify the certificate presented by OpenSER.

From: Kundan Kumar [mailto:kundancs@xxxxxxxxx]
Sent: Thursday, May 03, 2007 6:33 AM
To: Scott Godin
Cc: Ryan Kereliuk; resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate

Thanks for Information..
I generated
CA certificate(cacert.pem) through makeCA which is given in resiprocate/resip/certs/
Private Key(domain_key_DOMAIN-NAME.pem)
public key as domain_cert_DOMAIN- NAME.pem through makeCert which is given in resiprocate/resip/certs/

But still getting same Error as:
=====================================================================
Error when verifying server's chain of certificates: self signed certificate in certificate chain, depth=1 /CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
=====================================================================
so please give pointer to solve above problems.
I will be very much obliged at your kind n response....
Thanks!!!!!

On 5/2/07, Scott Godin < slgodin@xxxxxxxxxxxx > wrote:

Also some info here: http://www.resiprocate.org/Certificates

Scott

From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxxx on behalf of Ryan Kereliuk
Sent: Wed 5/2/2007 8:21 AM
To: Kundan Kumar
Cc: resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate

Have a look at the code in Security.cxx - the expected directories and
file names are documented in the code there. The exact location depends
on what platform you're using. Try $HOME/.sipCerts/root_cert_blah.pem.

Thanks,
-Ryan

On 2007-05-02 at 10h15, Kundan Kumar wrote:
> hi...
> yeah.. I am using root certificate in PEM format as cacert.pem at
> /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> Actually I have given the path for the certs also @
> /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
> resiprocate looking for the exact path for the root CA certificate for
> verification of Server certificate. Correct me if I am wrong.
>
> The following message is being seen in my logs....
> =====================================================================
>
> Error whennnnnnnn verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> ilnCode = 0
> TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
> Couldn't TLS connect
>
> =====================================================================
>
> I will be very much obliged at your kind n earliest response....
>
>
> Thanks and regards,
> Kundan.
>
>
> On 5/1/07, Ryan Kereliuk <ryker@xxxxxxxxx> wrote:
> >
> >Are you sure you have the root certificate in PEM format in a location
> >that resiprocate is looking at? If you enable DebugLog logging, do you
> >see a message like "Trying to load file <your_root_cert_file>"?
> >
> >Thanks,
> >-Ryan
> >
> >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> >>
> >> While attempting TLS connection through resiprocate with openSER
> >server
> >> ...giving following errors:
> >> =======================================================================
> >> Error when verifying server's chain of certificates: unable to get local
> >> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> >> ========================================================================
> >>
> >> I generated root certificate using openssl and modified openssl.cnfplaced
> >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I
> >have
> >> added the cacert.pem at the resiprocate client also.
> >>
> >> Can anyone help me regarding above problem??
> >
>
>
>
> --
> KUNDAN KUMAR.....

_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel

--
KUNDAN KUMAR.....

Follow-Ups:
- Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate
  - From: Kundan Kumar

References: