<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hello,<br>
    <br>
    is the client presenting a ssl certificate? Because the server
    requires that and it seems the client doesn't sent one.<br>
    <br>
    Cheers,<br>
    Daniel<br>
    <br>
    <div class="moz-cite-prefix">On 26/10/15 15:44, Vladimer Gabunia
      wrote:<br>
    </div>
    <blockquote
      cite="mid:767F5380AA99204F816B30B238C456CF45E9834C@HN-MCAS-01.hn.ge"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div style="direction: ltr;font-family: Tahoma;color:
        #000000;font-size: 10pt;">this error i get back in Kamailio .log
        <div><br>
        </div>
        <div> TLS accept:error:140890B2:SSL
          routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned</div>
        <div><br>
        </div>
        <div>I read on the forum that it can be linphone problem while
          chacking MS Crl.<br>
          <div style="font-family: Times New Roman; color: #000000;
            font-size: 16px">
            <hr tabindex="-1">
            <div id="divRpF168345" style="direction: ltr;"><font
                face="Tahoma" color="#000000" size="2"><b>From:</b>
                sr-users [<a class="moz-txt-link-abbreviated" href="mailto:sr-users-bounces@lists.sip-router.org">sr-users-bounces@lists.sip-router.org</a>] on
                behalf of Daniel-Constantin Mierla [<a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a>]<br>
                <b>Sent:</b> Monday, October 26, 2015 12:05 PM<br>
                <b>To:</b> Kamailio (SER) - Users Mailing List<br>
                <b>Subject:</b> Re: [SR-Users] Q: about CRL list (TLS)<br>
              </font><br>
            </div>
            <div>Hello,<br>
              <br>
              <div class="moz-cite-prefix">On 25/10/15 13:10, Vladimer
                Gabunia wrote:<br>
              </div>
              <blockquote type="cite">
                <style type="text/css" id="owaParaStyle"></style>
                <div style="direction:ltr; font-family:Tahoma;
                  color:#000000; font-size:10pt">
                  <div>hello all.</div>
                  <div>we compiled  kamailio with TLS Support.  but have
                    next problem when using CRL Lits.</div>
                  <div>Our Certificate issuing scheme is follow:</div>
                  <div>Offline Root CA -> Enterprise SubCA ->
                    Server and Phone Certificate  </div>
                  <div>CRL list is signed by SubCA.</div>
                  <div>option  "require client certificate is enables
                    (1) "</div>
                  <div>When we enable CRL list, phones are not
                    registered.</div>
                  <div>CA file is offline RootCA   certificate in pem
                    format.</div>
                  <div>We think that the reason is that СRL was signed
                    by Subca or incorrect CRL format.</div>
                  <div>CRL is converted from MS CRL to PEM. (What is the
                    format for the CRL)</div>
                  <div>maybe someone have experiance with similar
                    scenarios?</div>
                </div>
              </blockquote>
              the readme file of the tls module has some documentation
              about crl:<br>
              <br>
              <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.crl"
                target="_blank">http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.crl</a><br>
              <br>
              You can also try to run with debug=3 in kmailio.cfg and
              see more debug messages about what happens internally.<br>
              <br>
              Cheers,<br>
              Daniel<br>
              <pre class="moz-signature" cols="72">-- 
Daniel-Constantin Mierla
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://twitter.com/#%21/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a>
Book: SIP Routing With Kamailio - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://asipto.com/kat" target="_blank">http://asipto.com/kat</a></pre>
            </div>
          </div>
        </div>
      </div>
      <hr>
      <div><img moz-do-not-send="true" alt="gh.ge"
          src="http://gh.ge/img/logo/logo.png"></div>
      <font color="#5194AC"><b>ვლადიმერ გაბუნია</b><br>
        IT სამსახურის უფროსი <br>
        <font size="small">ტელ: (+995) 32 2505222 +8183 <br>
          მობ: (995) 577 095333<br>
          შპს "ჯეო ჰოსპიტალს" <br>
          სათავო ოფისი<br>
          თბილისი 0160, ვაჟა-ფშაველას გამზ. № 16;<br>
          <a moz-do-not-send="true" href="http://gh.ge">http://www.gh.ge
          </a><br>
        </font></font>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Book: SIP Routing With Kamailio - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - <a class="moz-txt-link-freetext" href="http://asipto.com/kat">http://asipto.com/kat</a></pre>
  </body>
</html>