Have a look at the code in
Security.cxx - the expected directories and
file names are documented in the code there. The exact location depends
on what platform you're using. Try $HOME/.sipCerts/root_cert_blah.pem.
Thanks,
-Ryan
On 2007-05-02 at 10h15, Kundan Kumar wrote:
> hi...
> yeah.. I am using root certificate in PEM format as cacert.pem at
> /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> Actually I have given the path for the certs also @
> /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
> resiprocate looking for the exact path for the root CA certificate for
> verification of Server certificate. Correct me if I am wrong.
>
> The following message is being seen in my logs....
> =====================================================================
>
> Error whennnnnnnn verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> ilnCode = 0
> TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
> Couldn't TLS connect
>
> =====================================================================
>
> I will be very much obliged at your kind n earliest response....
>
>
> Thanks and regards,
> Kundan.
>
>
> On 5/1/07, Ryan Kereliuk <ryker@xxxxxxxxx> wrote:
> >
> >Are you sure you have the root certificate in PEM format in a location
> >that resiprocate is looking at? If you enable DebugLog logging,
do you
> >see a message like "Trying to load file
<your_root_cert_file>"?
> >
> >Thanks,
> >-Ryan
> >
> >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> >>
> >> While attempting TLS connection through resiprocate
with openSER
> >server
> >> ...giving following errors:
> >>
=======================================================================
> >> Error when verifying server's chain of certificates: unable to
get local
> >> issuer certificate, depth=0
/C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> >>
========================================================================
> >>
> >> I generated root certificate using openssl and modified
openssl.cnfplaced
> >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf
..... I
> >have
> >> added the cacert.pem at the resiprocate client also.
> >>
> >> Can anyone help me regarding above problem??
> >
>
>
>
> --
> KUNDAN KUMAR.....