<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
<br>> Date: Thu, 9 Sep 2010 11:13:19 +0200<br>> From: klaus.mailinglists@pernau.at<br>> To: betergreen@live.com<br>> CC: sr-users@lists.sip-router.org<br>> Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate<br>> <br>> <br>> <br>> On 09.09.2010 10:17, peter_green lion wrote:<br>> > Hi all,<br>> > I have configured TLS support as in this link:<br>> > http://www.kamailio.org/docs/tls-devel.html#id2451496<br>> > and the certificate I added to the 3CX SIP phone is "cacert.pem", but when I<br>> > register the SIP phone, the log file on the Kamailio server shows:<br>> ><br>> > Sep 9 15:13:36 appliance /usr/local/sbin/kamailio[2146]: ERROR: tls<br>> > [tls_server.c:392]: SSL error:error:14094412:SSL<br>> > routines:SSL3_READ_BYTES:sslv3 alert bad certificate<br>> <br>> I think this means that the SIP phone sends the ALERT because it does <br>> not accept the certificate of the server. So you have to debug why the <br>> SIP phone does not accept the certificate.<br>> <br>> You really should test with another SIP client first.<br>> <br>> regards<br>> Klaus<br>> <br>> ><br>> > My configuration in kamailio.cfg is:<br>> ><br>> > modparam("tls", "tls_method", "TLSv1")<br>> > modparam("tls", "tls_method", "SSLv23")<br>> > modparam("tls", "certificate",<br>> > "/usr/local/etc/kamailio//tls/user/user-cert.pem")<br>> > modparam("tls", "private_key",<br>> > "/usr/local/etc/kamailio//tls/user/user-privkey.pem")<br>> > modparam("tls", "ca_list",<br>> > "/usr/local/etc/kamailio//tls/user/user-calist.pem")<br>> > modparam("tls", "verify_certificate",0 )<br>> > modparam("tls", "require_certificate",0 )<br>> ><br>> ><br>> > Please suggest how to fix this error.<br>> > Thanks and regards.<br>> > Peter Green.<br>> ><br>> ><br>> ><br>> > _______________________________________________<br>> > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>> > sr-users@lists.sip-router.org<br>> > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users<br><br><br>Hi Klaus,<br>I added the certificate to Internet Explorer, but it fails:<br>when I view this certificate I see this error:<br><br>"this certificate has expired or is not yet valid"<br><br>Does this mean the certificate is wrong?<br><br>So how do I make it correct?<br><br>Thanks and regards,<br>Peter Green.<br><br></body>
</html>