Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate

["Kundan Kumar" <kundancs@xxxxxxxxx>]

Thanks for reply...
This time I did not get error " self signed certificate in certificate chain "
But still getting error as 
====================================================
TLS connection failed ok=-1 err=5 error:00000005:lib(0):func(0):DH
(SSL Error want syscall)
Error may be because trying ssl connection to tls server20070503
Couldn't TLS connect trying ssl connection to tls server20070503
====================================================
Under TlsConnection.cxx in resiprocate/stack/, ssl_connect( ) is failing and returns -1. The error  description is as above. But we are puzzled why the client is trying SSL connection as we have given sslType as TLSV1.

Plz help us folks......

Best Regards,
Kundan.

On 5/3/07, Scott Godin <slgodin@xxxxxxxxxxxx > wrote:

Assuming from the CN=OpenSER that this is a certificate presented from OpenSER….

 

You must have the RootCA certificate of the CA that created the OpenSER certificate present in the correct directory for resip.  Resip is failing to verify the certificate presented by OpenSER.

 

From: Kundan Kumar [mailto:kundancs@xxxxxxxxx]
Sent: Thursday, May 03, 2007 6:33 AM
To: Scott Godin
Cc: Ryan Kereliuk; resiprocate-devel@xxxxxxxxxxxxxxxxxxxx

Subject: Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate

 

Thanks for Information..
I generated
CA certificate(cacert.pem) through makeCA which is given in resiprocate/resip/certs/
Private Key(domain_key_DOMAIN-NAME.pem)
public key as domain_cert_DOMAIN- NAME.pem through makeCert which is given in resiprocate/resip/certs/

But still getting same Error as:
=====================================================================
Error when  verifying server's chain of certificates: self signed certificate in certificate chain, depth=1 /CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
=====================================================================
so please give pointer to solve above problems.
I will be very much obliged at your kind n response....
Thanks!!!!!

On 5/2/07, Scott Godin < slgodin@xxxxxxxxxxxx > wrote:

Also some info here:  http://www.resiprocate.org/Certificates

 

Scott

 

---

From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxxx on behalf of Ryan Kereliuk
Sent: Wed 5/2/2007 8:21 AM
To: Kundan Kumar
Cc: resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate

Have a look at the code in Security.cxx - the expected directories and
file names are documented in the code there.  The exact location depends
on what platform you're using.  Try $HOME/.sipCerts/root_cert_blah.pem.

Thanks,
-Ryan

On 2007-05-02 at 10h15, Kundan Kumar wrote:
> hi...
> yeah.. I am using root certificate in PEM format as cacert.pem at
> /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> Actually I have given the path for the certs also @
> /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
> resiprocate looking for the exact path for the root CA certificate for
> verification of Server certificate. Correct me if I am wrong.
>
> The following message is being seen in my logs....
> =====================================================================
>
> Error whennnnnnnn verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> ilnCode = 0
> TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
> Couldn't TLS connect
>
> =====================================================================
>
> I will be very much obliged at your kind n earliest response....
>
>
> Thanks and regards,
> Kundan.
>
>
> On 5/1/07, Ryan Kereliuk <ryker@xxxxxxxxx> wrote:
> >
> >Are you sure you have the root certificate in PEM format in a location
> >that resiprocate is looking at?  If you enable DebugLog logging, do you
> >see a message like "Trying to load file <your_root_cert_file>"?
> >
> >Thanks,
> >-Ryan
> >
> >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> >>
> >> While attempting TLS connection  through resiprocate  with  openSER
> >server
> >> ...giving  following errors:
> >> =======================================================================
> >> Error when verifying server's chain of certificates: unable to get local
> >> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> >> ========================================================================
> >>
> >> I generated root certificate using openssl and modified openssl.cnfplaced
> >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I
> >have
> >> added the cacert.pem at the resiprocate client  also.
> >>
> >> Can anyone help me regarding above problem??
> >
>
>
>
> --
> KUNDAN KUMAR.....

_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel

--
KUNDAN KUMAR.....

-- 
KUNDAN KUMAR.....