hello, <br><br>im new on TLS setup... and as usual, im having issues configuring a SIP client (Bria for windows) with FS.<br><br><br>I guess i configured FS properly, but im not sure about certificates.<br><br><br>
FS conf:<br>
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1"/><br>
<br>
<!-- Internal SIP Profile --><br>
<X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/><br>
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/><br>
<X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/><br>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/><br>
<X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/><br>
<br>
<!-- External SIP Profile --><br>
<X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/><br>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/><br>
<X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/><br>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/><br>
<X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/><br>
<br><br><br>I created certificates using the commands on the wiki:<br><br><br><br><pre>./gentls_cert setup -cn <a href="http://pbx.freeswitch.org">pbx.freeswitch.org</a> -alt DNS:<a href="http://pbx.freeswitch.org">pbx.freeswitch.org</a> -org <a href="http://freeswitch.org">freeswitch.org</a><br>
./gentls_cert create_server -cn <a href="http://pbx.freeswitch.org">pbx.freeswitch.org</a> -alt DNS:<a href="http://pbx.freeswitch.org">pbx.freeswitch.org</a> -org <a href="http://freeswitch.org">freeswitch.org</a><br><br>
<br>./gentls_cert create_client -cn Client1 -out Client1<br></pre><br>/usr/local/freeswitch/conf/ssl<br>-rw-r----- 1 root root 3029 Mar 20 08:56 agent.pem<br>drwxr-x--- 2 root root 4096 Mar 20 08:56 CA<br>-rw-r----- 1 root root 1046 Mar 20 08:49 cafile.pem<br>
-rw-r----- 1 root root 3029 Mar 20 09:45 Client1<br><br><br>/usr/local/freeswitch/conf/ssl/CA<br>-rw-r----- 1 root root 1046 Mar 20 08:49 cacert.pem<br>-rw-r----- 1 root root 17 Mar 20 09:45 cacert.srl<br>-rw-r----- 1 root root 1679 Mar 20 08:49 cakey.pem<br>
-rw-r----- 1 root root 579 Mar 20 08:49 config.tpl<br><br><br>i deployed and installed cafile.pem on windows machine running Bria softphone. I did the same with Client1. Restarted <br><br>but all im getting is this error in console:<br>
<br><br>tport_wakeup_pri(0x85b9590): events IN<br>tport_alloc_secondary(0x85b9590): new secondary tport 0x85ef610<br>tport_tls_accept(0x85ef610): new connection from tls/<a href="http://85.114.34.202:61030/sips">85.114.34.202:61030/sips</a><br>
tls_connect(0x85ef610): events NEGOTIATING<br>tls_connect(0x85ef610): events NEGOTIATING<br>tls_connect(0x85ef610): TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>tport_close(0x85ef610): tls/<a href="http://85.114.34.202:61030/sips">85.114.34.202:61030/sips</a><br>
<br><br>please, can anyone help ?<br><br><br><br><br><br>this is a portion showing how FS loads mod_sofia:<br><br>su_port_create(0x857c060): epoll_create() => 0: OK<br>su_socket_port_init(0x857c060, 0xd9b400) called<br>
su_pthread_port_init(0x857c060, 0xd9b400) called<br>su_port_create(0x85b1840): epoll_create() => 0: OK<br>su_socket_port_init(0x85b1840, 0xd9b400) called<br>su_pthread_port_init(0x85b1840, 0xd9b400) called<br>nua: nua_create: entering<br>
su_port_create(0x85b3920): epoll_create() => 0: OK<br>su_socket_port_init(0x85b3920, 0xd9b400) called<br>su_pthread_port_init(0x85b3920, 0xd9b400) called<br>nua: nua_stack_init: entering<br>nua: nua_stack_set_params: entering<br>
soa_create("default", 0x85b0eb8, 0x85b0f70) called<br>soa_set_params(static::0x85ae410, ...) called<br>soa_set_params(static::0x85ae410, ...) called<br>nta_agent_create: initialized hash tables<br>nta_agent_create: initialized transports<br>
nua: nua_create: entering<br>su_port_create(0x85b2368): epoll_create() => 0: OK<br>su_socket_port_init(0x85b2368, 0xd9b400) called<br>su_pthread_port_init(0x85b2368, 0xd9b400) called<br>nua: nua_stack_init: entering<br>
nua: nua_stack_set_params: entering<br>soa_create("default", 0x85b2198, 0x85b6440) called<br>soa_set_params(static::0x85b6938, ...) called<br>soa_set_params(static::0x85b6938, ...) called<br>nta_agent_create: initialized hash tables<br>
nta_agent_create: initialized transports<br>nta_agent_create: initialized random identifiers<br>nta_agent_create: initialized timer<br>nta_agent_create: initialized random identifiers<br>nta_agent_create: initialized timer<br>
nta_agent_create: initialized resolver<br>nta_agent_create: initialized resolver<br>tport_create(): 0x85aefe8<br>tport_create(): 0xb780f688<br>nta: master transport created<br>nta: master transport created<br>tport_bind_server(0x85aefe8) to */<a href="http://85.114.35.241:5060/sip">85.114.35.241:5060/sip</a><br>
tport_bind_server(0xb780f688) to */<a href="http://85.114.35.241:5080/sip">85.114.35.241:5080/sip</a><br>tport_bind_server(0xb780f688): calling tport_listen for udp<br>tport_bind_server(0x85aefe8): calling tport_listen for udp<br>
tport_alloc_primary(0x85aefe8): new primary tport 0x85af2d0<br>tport_alloc_primary(0xb780f688): new primary tport 0xb780add0<br>tport_listen(0xb780add0): listening at udp/<a href="http://85.114.35.241:5080/sip">85.114.35.241:5080/sip</a><br>
tport_listen(0x85af2d0): listening at udp/<a href="http://85.114.35.241:5060/sip">85.114.35.241:5060/sip</a><br>tport_bind_server(0xb780f688): calling tport_listen for tcp<br>tport_bind_server(0x85aefe8): calling tport_listen for tcp<br>
tport_alloc_primary(0xb780f688): new primary tport 0xb7811af0<br>tport_alloc_primary(0x85aefe8): new primary tport 0x85af778<br>tport_listen(0x85af778): listening at tcp/<a href="http://85.114.35.241:5060/sip">85.114.35.241:5060/sip</a><br>
tport_listen(0xb7811af0): listening at tcp/<a href="http://85.114.35.241:5080/sip">85.114.35.241:5080/sip</a><br>nta: bound to (85.114.35.241:5080;transport=*)<br>nta: bound to (85.114.35.241:5060;transport=*)<br>nta: agent_init_via: SIP/2.0/udp <a href="http://85.114.35.241:5080">85.114.35.241:5080</a> (sip)<br>
nta: agent_init_via: SIP/2.0/udp 85.114.35.241 (sip)<br>nta: agent_init_via: SIP/2.0/tcp 85.114.35.241 (sip)<br>nta: agent_init_via: SIP/2.0/tcp <a href="http://85.114.35.241:5080">85.114.35.241:5080</a> (sip)<br>nta: Via fields initialized<br>
nta: Via fields initialized<br>nta: Contact header created<br>nta: Contact header created<br>tport_bind_server(0x85aefe8) to tls/<a href="http://85.114.35.241:5061/sips">85.114.35.241:5061/sips</a><br>tport_bind_server(0xb780f688) to tls/<a href="http://85.114.35.241:5081/sips">85.114.35.241:5081/sips</a><br>
tport_bind_server(0xb780f688): calling tport_listen for tls<br>tport_bind_server(0x85aefe8): calling tport_listen for tls<br>tport_alloc_primary(0xb780f688): new primary tport 0xb780e378<br>tport_alloc_primary(0x85aefe8): new primary tport 0x85b9590<br>
tport_tls_init_master(0x85b9590): tls key = /usr/local/freeswitch/conf/ssl/agent.pem<br>tport_tls_init_master(0xb780e378): tls key = /usr/local/freeswitch/conf/ssl/agent.pem<br>tport_tls_init_master(0xb780e378): tls context initialized for [85.114.35.241]:5081<br>
tport_tls_init_master(0x85b9590): tls context initialized for [85.114.35.241]:5061<br>tport_listen(0x85b9590): listening at tls/<a href="http://85.114.35.241:5061/sips">85.114.35.241:5061/sips</a><br>tport_listen(0xb780e378): listening at tls/<a href="http://85.114.35.241:5081/sips">85.114.35.241:5081/sips</a><br>
nta: bound to (85.114.35.241:5061;transport=tls)<br>nta: bound to (85.114.35.241:5081;transport=tls)<br>nta: agent_init_via: SIP/2.0/udp 85.114.35.241 (sip)<br>nta: agent_init_via: SIP/2.0/udp <a href="http://85.114.35.241:5080">85.114.35.241:5080</a> (sip)<br>
nta: agent_init_via: SIP/2.0/tcp 85.114.35.241 (sip)<br>nta: agent_init_via: SIP/2.0/tcp <a href="http://85.114.35.241:5080">85.114.35.241:5080</a> (sip)<br>nta: agent_init_via: SIP/2.0/tls 85.114.35.241 (sips)<br>nta: agent_init_via: SIP/2.0/tls <a href="http://85.114.35.241:5081">85.114.35.241:5081</a> (sips)<br>
nta: Via fields initialized<br>nta: Via fields initialized<br>nta: Contact header created<br>nta: Contact header created<br>nua_register: Adding contact URL '85.114.35.241' to list.<br>nua_register: Adding contact URL '85.114.35.241' to list.<br>
nua_register: Adding contact URL '85.114.35.241' to list.<br>nua_register: Adding contact URL '85.114.35.241' to list.<br>nua: nua_set_params: entering<br>nua: nua_set_params: entering<br>nua((nil)): sent signal r_set_params<br>
nua((nil)): sent signal r_set_params<br>nua: nua_stack_set_params: entering<br>soa_set_params(static::0x85b6938, ...) called<br>2012-03-20 10:57:48.859351 [NOTICE] sofia_reg.c:2969 Added gateway '<a href="http://example.com">example.com</a>' to profile 'external'<br>
nua: nua_stack_set_params: entering<br>soa_set_params(static::0x85ae410, ...) called<br>2012-03-20 10:57:48.859745 [NOTICE] sofia.c:2710 Adding Alias [85.114.35.241] for profile [internal]<br>tport_wakeup_pri(0x85b9590): events IN<br>
tport_alloc_secondary(0x85b9590): new secondary tport 0x85bae68<br>tport_tls_accept(0x85bae68): new connection from tls/<a href="http://85.114.34.202:60916/sips">85.114.34.202:60916/sips</a><br>tls_connect(0x85bae68): events NEGOTIATING<br>
tls_connect(0x85bae68): events NEGOTIATING<br>tls_connect(0x85bae68): TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>tport_close(0x85bae68): tls/<a href="http://85.114.34.202:60916/sips">85.114.34.202:60916/sips</a><br>
nua: nua_application_event: entering<br>nua: nua_application_event: entering<br>2012-03-20 10:57:49.959654 [CONSOLE] sofia.c:1214 MSG Thread Started<br>nua: nua_handle_magic: entering<br>nua: nua_handle_magic: entering<br>
2012-03-20 10:57:50.360893 [CONSOLE] switch_loadable_module.c:1299 Successfully Loaded [mod_sofia]<br><br><br><br>