[reSIProcate] Resiprocate Client with OpenSER server.....tryingto establish TLS connection :- Error when verifying server'schain of certificates: unable to get local issuer certificate
Kundan Kumar
kundancs at gmail.com
Thu May 3 05:33:29 CDT 2007
Thanks for Information..
I generated
CA certificate(cacert.pem) through makeCA which is given in
resiprocate/resip/certs/
Private Key(domain_key_DOMAIN-NAME.pem)
public key as domain_cert_DOMAIN- NAME.pem through makeCert which is given
in resiprocate/resip/certs/
But still getting same Error as:
=====================================================================
Error when verifying server's chain of certificates: self signed
certificate in certificate chain, depth=1
/CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
=====================================================================
so please give pointer to solve above problems.
I will be very much obliged at your kind n response....
Thanks!!!!!
On 5/2/07, Scott Godin <slgodin at icescape.com > wrote:
>
> Also some info here: http://www.resiprocate.org/Certificates
>
> Scott
>
> ------------------------------
> *From:* resiprocate-devel-bounces at list.resiprocate.org on behalf of Ryan
> Kereliuk
> *Sent:* Wed 5/2/2007 8:21 AM
> *To:* Kundan Kumar
> *Cc:* resiprocate-devel at list.resiprocate.org
> *Subject:* Re: [reSIProcate] Resiprocate Client with OpenSER
> server.....tryingto establish TLS connection :- Error when verifying
> server'schain of certificates: unable to get local issuer certificate
>
> Have a look at the code in Security.cxx - the expected directories and
> file names are documented in the code there. The exact location depends
> on what platform you're using. Try $HOME/.sipCerts/root_cert_blah.pem.
>
> Thanks,
> -Ryan
>
> On 2007-05-02 at 10h15, Kundan Kumar wrote:
> > hi...
> > yeah.. I am using root certificate in PEM format as cacert.pem at
> > /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> > Actually I have given the path for the certs also @
> > /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is
> this
> > resiprocate looking for the exact path for the root CA certificate for
> > verification of Server certificate. Correct me if I am wrong.
> >
> > The following message is being seen in my logs....
> > =====================================================================
> >
> > Error whennnnnnnn verifying server's chain of certificates: self signed
> > certificate in certificate chain, depth=1
> > /CN=OpenSER/ST=SIP/C=IP/emailAddres
> > ilnCode = 0
> > TLS connection failed ok=-1 err=1
> error:00000001:lib(0):func(0):reason(1)
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify
> > failed
> > Error code = 336134278 file=s3_clnt.c
> line=89401:lib(0):func(0):reason(1)
> > Couldn't TLS connect
> >
> > =====================================================================
> >
> > I will be very much obliged at your kind n earliest response....
> >
> >
> > Thanks and regards,
> > Kundan.
> >
> >
> > On 5/1/07, Ryan Kereliuk <ryker at ryker.org> wrote:
> > >
> > >Are you sure you have the root certificate in PEM format in a location
> > >that resiprocate is looking at? If you enable DebugLog logging, do you
> > >see a message like "Trying to load file <your_root_cert_file>"?
> > >
> > >Thanks,
> > >-Ryan
> > >
> > >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> > >>
> > >> While attempting TLS connection through resiprocate with openSER
> > >server
> > >> ...giving following errors:
> > >>
> =======================================================================
> > >> Error when verifying server's chain of certificates: unable to get
> local
> > >> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
>
> > >>
> ========================================================================
> > >>
> > >> I generated root certificate using openssl and modified
> openssl.cnfplaced
> > >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf .....
> I
> > >have
> > >> added the cacert.pem at the resiprocate client also.
> > >>
> > >> Can anyone help me regarding above problem??
> > >
> >
> >
> >
> > --
> > KUNDAN KUMAR.....
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at list.resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>
>
--
KUNDAN KUMAR.....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20070503/2a25a56b/attachment.htm>
More information about the resiprocate-devel
mailing list