Daniel,
Now I see that I get the 'err 26:unsupported certificate purpose' for the fail reason.
I have checked the purpose and found 'TLS Web..' - should be ok.
What could be the reason?
fs_client log:
tport.c:2745 tport_wakeup_pri() tport_wakeup_pri(0x9a97ea0): events IN
tport.c:869 tport_alloc_secondary() tport_alloc_secondary(0x9a97ea0): new secondary tport 0x9b03ea0
tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0x9b03ea0): new connection from tls/62.90.161.235:50438/sips
tport_tls.c:873 tls_connect() tls_connect(0x9b03ea0): events NEGOTIATING
tport_tls.c:873 tls_connect() tls_connect(0x9b03ea0): events NEGOTIATING
tport_tls.c:253 tls_verify_cb() -Error with certificate at depth: 0
tport_tls.c:255 tls_verify_cb() issuer = /CN=il1.mobi2save.com/O=mobi2save.com
tport_tls.c:257 tls_verify_cb() subject = /CN=il1.mobi2save.com/O=mobi2save.com
tport_tls.c:258 tls_verify_cb() err 26:unsupported certificate purpose
tport_tls.c:962 tls_connect() tls_connect(0x9b03ea0): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
tport.c:2092 tport_close() tport_close(0x9b03ea0): tls/62.90.161.235:50438/sips
freeswitch@127.0.0.1:8028@internal>
[root@il1 ssl]# openssl x509 -in client.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b2:68:02:6b:19:d3:aa:36
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=il1.mobi2save.com, O=mobi2save.com
Validity
Not Before: May 2 19:20:09 2013 GMT
Not After : May 1 19:20:09 2019 GMT
Subject: CN=il1.mobi2save.com, O=mobi2save.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Comment:
FS Client Cert
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
33:41:5C:37:CF:8B:B3:C6:45:72:28:81:6A:97:FB:7D:D4:EF:41:AE
X509v3 Authority Key Identifier:
DirName:/CN=il1.mobi2save.com/O=mobi2save.com
serial:B4:B8:71:80:AC:28:33:48
X509v3 Subject Alternative Name:
DNS:il1.mobi2save.com
Netscape Cert Type:
SSL Client
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
        
        
        
View this message in context: Re: Client TLS certificate setup (http://freeswitch-users.2379917.n2.nabble.com/Client-TLS-certificate-setup-tp7590319p7590345.html)
Sent from the freeswitch-users mailing list archive (http://freeswitch-users.2379917.n2.nabble.com/) at Nabble.com.
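
Added example (not part of the original post, and not FreeSWITCH or Sofia code): a Python sketch of the end-entity extension rules that the OpenSSL documentation gives for the `sslclient` and `sslserver` certificate purposes, applied to the extension section of the dump above. `SAMPLE` is re-typed from that dump; `RULES`, `parse_extensions` and `check_purpose` are hypothetical names, and keyUsage and the SGC OIDs are not modeled because this certificate carries neither.

```python
# Constructed sample: extension section re-typed from the `openssl x509 -text` dump.
SAMPLE = """\
X509v3 extensions:
    Netscape Comment:
        FS Client Cert
    X509v3 Basic Constraints:
        CA:FALSE
    X509v3 Subject Alternative Name:
        DNS:il1.mobi2save.com
    Netscape Cert Type:
        SSL Client
    X509v3 Extended Key Usage:
        TLS Web Client Authentication
"""

# For each purpose: an extension passes when it is absent, or when it is
# present and contains at least one of the listed values.
RULES = {
    "sslclient": {"X509v3 Extended Key Usage": {"TLS Web Client Authentication"},
                  "Netscape Cert Type": {"SSL Client"}},
    "sslserver": {"X509v3 Extended Key Usage": {"TLS Web Server Authentication"},
                  "Netscape Cert Type": {"SSL Server"}},
}

def parse_extensions(text):
    """Map each 'Name:' header line to the comma-separated values on the next line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    exts = {}
    for header, value in zip(lines, lines[1:]):
        if header.endswith(":") or header.endswith(": critical"):
            name = header.replace(": critical", "").rstrip(":")
            exts[name] = {v.strip() for v in value.split(",")}
    return exts

def check_purpose(exts, purpose):
    """Return (ok, reasons); a present extension lacking a required value fails."""
    reasons = []
    for ext_name, required in RULES[purpose].items():
        present = exts.get(ext_name)
        if present is not None and not (present & required):
            reasons.append(f"{ext_name}: has {sorted(present)}, "
                           f"needs one of {sorted(required)}")
    return (not reasons, reasons)

if __name__ == "__main__":
    exts = parse_extensions(SAMPLE)
    for purpose in RULES:
        ok, reasons = check_purpose(exts, purpose)
        print(purpose, "OK" if ok else "REJECTED", *reasons, sep="\n  ")
```

On a host with OpenSSL, `openssl x509 -in client.pem -noout -purpose` prints the library's own verdict for every purpose and is the authoritative check.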