< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently


If you are forming the TLS connection (client side) you only need the root cert.  If you want to accept inbound TLS connections you will need the domain certs too.  In the logs you sent you are the client side, so root cert is all that's required.

Scott

On Sat, Apr 18, 2009 at 11:48 PM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
Thank you Scott, I have try to delete the duplicate certs, but still can't working.

I'm read the wiki: http://www.resiprocate.org/Certificates
there says:
Place the base64 PEM format certificates in the path specified, and use the following naming scheme:

    * root_cert_<rootCA-name>.pem - public key for root CA
    * domain_cert_<domain-name>.pem - public key used for domain validation in TLS
    * domain_key_<domain-name>.pem - private key used for domain validation in TLS (Server)

Do I need install three certificates in window?  Currently I just installed the root certificate only(I'm using WinSecurity class), do not install the domain_cert and domain_key certificates, so it leads my error ?  But on vista, my UA and eyebeam all are working with TLS  even if just install the
root certificates only.

Thanks




On Fri, Apr 17, 2009 at 9:08 AM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
On your XP logs it appears as if did not find the appropriate root certificate in the store.  I have seen issues with WinSecurity, that I never really got the bottom of, where the windows certificate store contains multiple copies of the same/similar certificate (ie. sometimes same certificate serial number, sometimes just the same certificate name).  I never really nailed down exactly what constituted a "duplicated" certificate, but adding the 2nd "duplicate" cert to the OpenSSL certificate store was getting an error.  Unfortunately I don't believe resiprocate will currently log anything if X509_STORE_add_cert fails - you might want to try adding some debugging code to BaseSecurity::addCertX509.  Also check your windows certificate store to see if you think there are "duplicate" certs, and try removing all but the correct one.

Scott

On Thu, Apr 16, 2009 at 1:41 PM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
Hi all, I'm using the reSIProcate 1.4.1 for my UA, the UA use TLS for SIP message with SIP server,
now I got a strange issue, the UA working fine on Vista via TLS, but on XP, got the error: certificate verify failed.

These two PCs installed same root certificate file - it was installed in the root trusted store area. and I'm using the winSecureity for my UA.

I have attached two log files- the textfile1.txt which generated on XP, the textfile2.txt on the Vista.

Please help me, thank you in advance.


_______________________________________________
resiprocate-users mailing list
resiprocate-users@xxxxxxxxxxxxxxx
List Archive: http://list.resiprocate.org/archive/resiprocate-users/