[reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate

Kundan Kumar kundancs at gmail.com
Tue May 1 23:45:37 CDT 2007 

hi...
yeah.. I am using root certificate in PEM format as cacert.pem at
/resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
Actually I have given the path for the certs also @
/resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
resiprocate looking for the exact path for the root CA certificate for
verification of Server certificate. Correct me if I am wrong.

The following message is being seen in my logs....
=====================================================================

Error whennnnnnnn verifying server's chain of certificates: self signed
certificate in certificate chain, depth=1
/CN=OpenSER/ST=SIP/C=IP/emailAddres
ilnCode = 0
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
Couldn't TLS connect

=====================================================================

I will be very much obliged at your kind n earliest response....


Thanks and regards,
Kundan.


On 5/1/07, Ryan Kereliuk <ryker at ryker.org> wrote:
>
> Are you sure you have the root certificate in PEM format in a location
> that resiprocate is looking at?  If you enable DebugLog logging, do you
> see a message like "Trying to load file <your_root_cert_file>"?
>
> Thanks,
> -Ryan
>
> On 2007-05-01 at 17h43, Kundan Kumar wrote:
> >
> > While attempting TLS connection  through resiprocate  with  openSER
> server
> > ...giving  following errors:
> > =======================================================================
> > Error when verifying server's chain of certificates: unable to get local
> > issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> > ========================================================================
> >
> > I generated root certificate using openssl and modified openssl.cnfplaced
> > at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I
> have
> > added the cacert.pem at the resiprocate client  also.
> >
> > Can anyone help me regarding above problem??
>



-- 
KUNDAN KUMAR.....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20070502/172c8ce7/attachment.htm>

More information about the resiprocate-devel mailing list