[Freeswitch-users] Client TLS certificate setup

adahary adahary at gmail.com
Fri May 3 17:10:58 MSD 2013 

Daniel,Now I see that I get the 'err 26:unsupported certificate purpose' for
the fail reason.I have checked the purpose and found 'TLS Web..' - should be
ok.What could be the reason?fs_client log:tport.c:2745 tport_wakeup_pri()
tport_wakeup_pri(0x9a97ea0): events INtport.c:869 tport_alloc_secondary()
tport_alloc_secondary(0x9a97ea0): new secondary tport
0x9b03ea0tport_type_tls.c:607 tport_tls_accept()
tport_tls_accept(0x9b03ea0): new connection from
tls/62.90.161.235:50438/sipstport_tls.c:873 tls_connect()
tls_connect(0x9b03ea0): events NEGOTIATINGtport_tls.c:873 tls_connect()
tls_connect(0x9b03ea0): events NEGOTIATINGtport_tls.c:253 tls_verify_cb()
-Error with certificate at depth: 0tport_tls.c:255 tls_verify_cb()   issuer  
= /CN=il1.mobi2save.com/O=mobi2save.comtport_tls.c:257 tls_verify_cb()  
subject  = /CN=il1.mobi2save.com/O=mobi2save.comtport_tls.c:258
tls_verify_cb()   *err 26:unsupported certificate purpose*tport_tls.c:962
tls_connect() tls_connect(0x9b03ea0): TLS setup failed
(error:00000001:lib(0):func(0):reason(1))tport.c:2092 tport_close()
tport_close(0x9b03ea0):
tls/62.90.161.235:50438/sipsfreeswitch at 127.0.0.1:8028 at internal>[root at il1
ssl]# openssl x509 -in client.pem -text -nooutCertificate:    Data:       
Version: 3 (0x2)        Serial Number:            b2:68:02:6b:19:d3:aa:36       
Signature Algorithm: sha1WithRSAEncryption        Issuer:
CN=il1.mobi2save.com, O=mobi2save.com        Validity            Not Before:
May  2 19:20:09 2013 GMT            Not After : May  1 19:20:09 2019 GMT       
Subject: CN=il1.mobi2save.com, O=mobi2save.com        Subject Public Key
Info:            Public Key Algorithm: rsaEncryption            RSA Public
Key: (2048 bit)                Modulus (2048 bit):                   
00:cf:81:c9:62:5a:0b:d0:0e:2e:5b:7b:21:bf:9e:                   
b9:50:3a:bc:91:5b:93:21:8c:87:8d:f2:1b:df:24:                   
19:7a:4a:0d:e3:39:00:7f:a8:5d:d3:8f:c6:67:90:                   
60:cb:53:ee:c9:74:b0:74:d9:fe:90:7d:15:bf:82:                   
3d:89:cb:49:6a:54:96:65:72:01:d8:12:a8:23:63:                   
85:bd:a6:e4:c6:12:86:45:d3:8f:c2:ea:58:34:b5:                   
0e:a5:89:b5:fe:d6:8f:f3:9e:cb:2b:cc:5e:f3:b1:                   
ff:30:d2:b6:8f:c0:af:70:a7:bc:2c:c6:1d:79:3a:                   
bc:87:07:5e:70:ca:d9:9c:c7:91:d5:25:47:92:62:                   
55:47:df:c6:0b:38:55:a5:c1:d1:e3:98:47:5f:be:                   
90:84:05:41:6f:84:1e:4c:7b:0d:d4:21:6f:20:12:                   
f5:d9:73:0e:bf:0c:31:df:86:40:86:56:91:f5:dc:                   
6d:30:32:8b:b1:9c:09:82:b7:f4:ec:18:1e:7b:9f:                   
41:a1:49:84:3f:01:a9:ea:d5:0b:37:81:a5:3c:58:                   
af:31:92:b4:db:53:9f:6b:05:08:7b:34:d1:62:9f:                   
23:54:4a:c2:2b:eb:c0:9a:c3:9d:da:ae:72:19:24:                   
1c:5f:62:68:01:b9:0f:5e:9e:04:7a:5b:6d:ce:06:                    03:c1               
Exponent: 65537 (0x10001)        X509v3 extensions:            Netscape
Comment:                FS Client Cert            X509v3 Basic Constraints:               
CA:FALSE            X509v3 Subject Key Identifier:               
33:41:5C:37:CF:8B:B3:C6:45:72:28:81:6A:97:FB:7D:D4:EF:41:AE           
X509v3 Authority Key Identifier:               
DirName:/CN=il1.mobi2save.com/O=mobi2save.com               
serial:B4:B8:71:80:AC:28:33:48            X509v3 Subject Alternative Name:               
DNS:il1.mobi2save.com            Netscape Cert Type:                SSL
Client            X509v3 Extended Key Usage:                TLS Web Client
Authentication    Signature Algorithm: sha1WithRSAEncryption       
5f:46:da:81:89:6f:2e:60:9f:f8:fb:8c:a9:87:d1:53:7f:78:       
b4:0c:98:ab:fc:93:53:41:4f:24:24:71:02:1e:59:92:ca:08:       
47:f4:3f:2f:da:3f:f0:d8:4c:5b:69:24:d1:29:f7:9d:d7:95:       
0d:a0:25:5d:4a:6e:04:69:c4:4e:58:77:ba:24:11:59:14:7d:       
23:4c:e3:c3:27:df:8e:cc:c0:30:1e:29:c3:94:c3:a6:05:23:       
76:60:0a:aa:6e:7d:a0:fc:12:c8:49:96:41:b9:1f:3c:8c:d8:       
8a:fa:a3:14:5b:11:67:26:6d:85:57:2d:10:86:fa:65:62:12:       
e9:8b:6a:a8:2b:dc:0c:70:3e:3d:f6:2d:97:9a:82:41:5f:99:       
fe:67:f7:7c:f3:48:4e:2a:2d:d0:32:46:77:a4:00:05:3d:be:       
26:4d:d9:92:9b:92:8e:78:ac:01:5b:a0:29:fa:9c:69:c1:74:       
86:26:ce:e3:fa:b3:40:b5:59:bb:b3:fe:27:91:4a:4f:2b:89:       
0e:bd:e6:7a:ca:28:8f:64:31:71:5b:77:4d:65:2a:77:30:7d:       
69:21:0c:54:77:6e:2e:8c:d2:72:35:ad:8f:e7:f0:04:34:cb:       
da:25:40:ec:14:9b:34:dd:60:ad:0a:39:d9:df:91:11:66:9c:        03:ee:4a:d7



--
View this message in context: http://freeswitch-users.2379917.n2.nabble.com/Client-TLS-certificate-setup-tp7590319p7590345.html
Sent from the freeswitch-users mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130503/6458c064/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list