[reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate
Scott Godin
slgodin at icescape.com
Thu May 3 07:12:56 CDT 2007
Assuming from the CN=OpenSER that this is a certificate presented from
OpenSER....
You must have the RootCA certificate of the CA that created the OpenSER
certificate present in the correct directory for resip. Resip is
failing to verify the certificate presented by OpenSER.
From: Kundan Kumar [mailto:kundancs at gmail.com]
Sent: Thursday, May 03, 2007 6:33 AM
To: Scott Godin
Cc: Ryan Kereliuk; resiprocate-devel at list.resiprocate.org
Subject: Re: [reSIProcate] Resiprocate Client with OpenSER
server.....trying to establish TLS connection :- Error when verifying
server's chain of certificates: unable to get local issuer certificate
Thanks for Information..
I generated
CA certificate (cacert.pem) through makeCA which is given in
resiprocate/resip/certs/
Private Key (domain_key_DOMAIN-NAME.pem)
public key as domain_cert_DOMAIN-NAME.pem through makeCert which is
given in resiprocate/resip/certs/
But still getting same Error as:
=====================================================================
Error when verifying server's chain of certificates: self signed
certificate in certificate chain, depth=1
/CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1
error:00000001:lib(0):func(0):reason(1)
=====================================================================
so please give pointer to solve above problems.
I will be very much obliged at your kind n response....
Thanks!!!!!
On 5/2/07, Scott Godin <slgodin at icescape.com> wrote:
Also some info here: http://www.resiprocate.org/Certificates
Scott
________________________________
From: resiprocate-devel-bounces at list.resiprocate.org on behalf of Ryan
Kereliuk
Sent: Wed 5/2/2007 8:21 AM
To: Kundan Kumar
Cc: resiprocate-devel at list.resiprocate.org
Subject: Re: [reSIProcate] Resiprocate Client with OpenSER
server.....trying to establish TLS connection :- Error when verifying
server's chain of certificates: unable to get local issuer certificate
Have a look at the code in Security.cxx - the expected directories and
file names are documented in the code there. The exact location depends
on what platform you're using. Try $HOME/.sipCerts/root_cert_blah.pem.
Thanks,
-Ryan
On 2007-05-02 at 10h15, Kundan Kumar wrote:
> hi...
> yeah.. I am using root certificate in PEM format as cacert.pem at
> /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> Actually I have given the path for the certs also @
> /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
> resiprocate looking for the exact path for the root CA certificate for
> verification of Server certificate. Correct me if I am wrong.
>
> The following message is being seen in my logs....
> =====================================================================
>
> Error whennnnnnnn verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> ilnCode = 0
> TLS connection failed ok=-1 err=1
> error:00000001:lib(0):func(0):reason(1)
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> Error code = 336134278 file=s3_clnt.c
> line=89401:lib(0):func(0):reason(1)
> Couldn't TLS connect
>
> =====================================================================
>
> I will be very much obliged at your kind n earliest response....
>
>
> Thanks and regards,
> Kundan.
>
>
> On 5/1/07, Ryan Kereliuk <ryker at ryker.org> wrote:
> >
> >Are you sure you have the root certificate in PEM format in a location
> >that resiprocate is looking at? If you enable DebugLog logging, do you
> >see a message like "Trying to load file <your_root_cert_file>"?
> >
> >Thanks,
> >-Ryan
> >
> >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> >>
> >> While attempting TLS connection through resiprocate with openSER server
> >> ...giving following errors:
> >>
> >> =======================================================================
> >> Error when verifying server's chain of certificates: unable to get local
> >> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> >>
> >> ========================================================================
> >>
> >> I generated root certificate using openssl and modified openssl.cnf placed
> >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I have
> >> added the cacert.pem at the resiprocate client also.
> >>
> >> Can anyone help me regarding above problem??
> >
>
>
>
> --
> KUNDAN KUMAR.....
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel at list.resiprocate.org
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
--
KUNDAN KUMAR.....
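
The two verification errors quoted in this thread can be reproduced offline with throwaway certificates. The script below is an added example, not part of any poster's message and not reSIProcate code; every CN, file name and helper function in it is constructed for illustration, and it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example with constructed certificates: reproduces the two errors
# from the thread. Every CN and file name below is made up.
W=$(mktemp -d)
printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
  '[ca]' 'basicConstraints=critical,CA:TRUE' > "$W/req.cnf"

# make_ca NAME: self-signed root in $W/NAME.pem (key in $W/NAME.key).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$W/req.cnf" \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}

# make_leaf NAME CA: certificate for NAME signed by root CA.
make_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/req.cnf" \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.pem" -CAkey "$W/$2.key" \
    -CAcreateserial -days 2 -out "$W/$1.pem" 2>/dev/null
}

# verify_code ROOTS LEAF [SENT_CHAIN]: print 0 if LEAF chains to a cert in
# ROOTS, otherwise the first X509 verify error number. SENT_CHAIN stands
# for extra certificates the server sends in its TLS handshake.
verify_code() {
  local out code
  out=$(openssl verify -CAfile "$W/$1.pem" ${3:+-untrusted "$W/$3.pem"} \
        "$W/$2.pem" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
  else echo unknown; fi
}

make_ca server-ca      # the CA that issued the server's certificate
make_ca other-ca       # an unrelated root the client trusts instead
make_leaf server server-ca

echo "client trusts server-ca:            $(verify_code server-ca server)"
echo "client trusts other-ca, leaf only:  $(verify_code other-ca server)"
echo "client trusts other-ca, root sent:  $(verify_code other-ca server server-ca)"
```

Error 20 is "unable to get local issuer certificate" at depth 0, and error 19 is "self signed certificate in certificate chain" at depth 1; both mean the issuing root is not among the certificates the client trusts. Only the first case, where the client loads the root that actually signed the server certificate, verifies.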