<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
<br>> Date: Mon, 6 Sep 2010 10:26:38 +0200<br>> From: klaus.mailinglists@pernau.at<br>> To: betergreen@live.com<br>> CC: sr-users@lists.sip-router.org<br>> Subject: Re: [SR-Users] please help to register sip phone to kamailio server via tls support.<br>> <br>> > log in :tail -f /var/log/message:<br>> ><br>> > Sep 4 05:18:50 appliance /usr/local/sbin/kamailio[3117]: ERROR: tls<br>> > [tls_server.c:392]: SSL error:error:14094418:SSL<br>> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>> ><br>> > in portgo : certificate validation failure.<br>> <br>> It is rather clear - your SIP client does not accept the proxy's <br>> certificate and thus terminates the TLS handshake with an "unknown ca" <br>> error.<br>> <br>> You have to configure your SIP client to accept the CA which has signed <br>> the proxy's certificate.<br>> <br>> regards<br>> klaus<br><br>Dear Klaus,<br>
i have the same problem when add user-privkey.pem in SIP client, I use 3CX soft phone.<br><br>when i run command : <span class="quote">kamctl tls userCERT user<br><br>openssl creates three file.<br></span><br>INFO: Private key is locate at /usr/local/etc/kamailio//tls/user/user-privkey.pem<br>INFO: Certificate is locate at /usr/local/etc/kamailio//tls/user/user-cert.pem<br>INFO: CA-List is locate at /usr/local/etc/kamailio//tls/user/user-calist.pem<br><br>i copy user-privkey.pem to PC which have SIP client. after that i change the name to root_cert_3CXphone.pem to add to 3CX soft phone.<br>but problem is the same.<br><br>Sep 6 08:59:33 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4437]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4438]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4440]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>Sep 6 08:59:34 appliance /usr/local/sbin/kamailio[4442]: ERROR: tls [tls_server.c:392]: SSL error:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br><br><br>please tell me, if you know <br>thanks so much.<br>Peter Green<br><br> </body>
</html>