<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
        {font-family:"\@MS Mincho";
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.E-MailFormatvorlage18
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.E-MailFormatvorlage19
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink=purple>Hi Adam, <br>
<br>
try to change the tls mode in the vars.xml to ssl (see the comments in that file for the correct value). <br>
<br>
Some phones are to stupid for tls. This setting helps. And its documented on the wiki. <br>
<br>
Cheers karsten <br>
-- <br>
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.<br><br><div class="gmail_quote"><br>
<br>
"Lappe, Adam" <Adam.Lappe@qsc.de> schrieb:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Hi all,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Some more things I tried so far:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>openssl x509 -noout -modulus -in agent.pem | openssl
md5<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>(stdin)= ebdfb317206ba89d07217c06e1f0d6eb<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>openssl rsa -noout -modulus -in agent.pem | openssl
md5<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>(stdin)= ebdfb317206ba89d07217c06e1f0d6eb<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>At least the certificate and private key in the
agent.pem are correct.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>There is no output on the cli when I try to register
a phone.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>My guess is that the content of agent.pem and/or
cafile.pem is wrong.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Can someone please confirm this?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Best regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Adam<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=3 face=Arial><span
lang=EN-GB style='font-size:12.0pt;font-family:Arial'>Wed, 14 Aug, 2013 at 16:07
PM, Adam <ala@qsc.de>:</span></font><font size=2 color=navy face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial;color:navy'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=navy face="Times New Roman"><span
lang=EN-GB style='font-size:12.0pt;color:navy'> </span></font><span
lang=EN-GB><o:p></o:p></span></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Hi all,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>i am trying to configure
FreeSWITCH to speak TLS with all Clients.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>I followed the tutorial
on <a href="http://wiki.freeswitch.com/wiki/SIP_TLS">http://wiki.freeswitch.com/wiki/SIP_TLS</a>
but I am still not sure what key / cert belongs in which file.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>I have a SSL123 Thawte
Wildcard Certificate.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Am I supposed to cat this
cert + priv. key into agent.pem and the primary and secondary intermediate into
the cafile.pem?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>I did this and set the
right permissions. The internal sofia profile on port 5061 (TLS) is RUNNING.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>But no client (for
example Polycom VVX1500) can register now.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>If I set it TCP and Port
5060 (which is RUNNING as well) everything works fine.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Wireshark shows me the
following<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Client
->
FS
Client Hello<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>FS
-> Client
Alert (Level
Fatal, Description: Handshake Failure)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>I also tested openssl
s_client –connect (IP):5061 –showcerts but it only says:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>CONNECTED(00000003)<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>139847050823328:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>---<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>no peer certificate
available<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>---<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>No client certificate CA
names sent<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>---<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>SSL handshake has read 7
bytes and written 225 bytes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>---<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>New, (NONE), Cipher is
(NONE)<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Secure Renegotiation IS
NOT supported<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Compression: NONE<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Expansion: NONE<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>---<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>I guess the problem is
the agent.pem and/or cafile.pem<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>agent.pem looks like this<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----BEGIN
CERTIFICATE-----<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>(Thawte SSL123 Wildcard
Web Certificate)<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----END CERTIFICATE-----<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----BEGIN RSA PRIVATE
KEY-----<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>(Unencrypted Private Key)<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----END RSA PRIVATE
KEY-----<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>cafile.pem like that:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----BEGIN
CERTIFICATE-----<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>(Thawte Primary
Intermediate)<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----END CERTIFICATE-----<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----BEGIN
CERTIFICATE-----<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>(Thawte Secondary
Intermediate<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>-----END CERTIFICATE-----<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Any suggestions?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Thanks in advance,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Adam</span></font><span
lang=EN-GB><o:p></o:p></span></p>
</div>
</blockquote></div></body>
</html>