
<div dir="ltr">Note that Linphone uses its own CA list (derived from Mozilla&#39;s list).<br><br>If you are using a self-signed cert, then you need to add the FS CA cert into the Linphone rootca.pem file.   You&#39;ll either need a rooted/jail broken phone to do this, or compile your own version with your CA cert appended to rootca.pem<br>

<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Sep 16, 2013 at 3:46 AM, Dror Lupu <span dir="ltr">&lt;<a href="mailto:drorlupu@gmail.com" target="_blank">drorlupu@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I followed the steps in the Wiki: <a href="http://wiki.freeswitch.org/wiki/SIP_TLS" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS</a><br>


Using the gentls_cert script.<br>

<br>

I verified that all .pem files got created.<br>

<div><div class="h5"><br>

-----Original Message-----<br>

From: <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a><br>

[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of Brian<br>

West<br>

Sent: Sunday, September 15, 2013 8:35 PM<br>

To: FreeSWITCH Users Help<br>

Subject: Re: [Freeswitch-users] TLS problem<br>

<br>

Its probably going to be the cipher suite, how did you generate the<br>

certificate?<br>

--<br>

Brian West<br>

<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a><br>

FreeSWITCH Solutions, LLC<br>

PO BOX PO BOX 2531<br>

Brookfield, WI 53008-2531<br>

Twitter: @FreeSWITCH_Wire , @briankwest<br>

<a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>

<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br>

<br>

T: <a href="tel:%2B1.918.420.9001" value="+19184209001">+1.918.420.9001</a>  |  F: <a href="tel:%2B1.918.420.9002" value="+19184209002">+1.918.420.9002</a>  |  M: +1.918.424.WEST<br>

iNUM: <a href="tel:%2B883%205100%201420%209001" value="+883510014209001">+883 5100 1420 9001</a><br>

ISN: 410*543<br>

Skype:briankwest<br>

PGP Key: <a href="http://www.bkw.org/key.txt" target="_blank">http://www.bkw.org/key.txt</a> (AB93356707C76CED)<br>

<br>

On Sep 14, 2013, at 1:35 PM, Dror Lupu &lt;<a href="mailto:drorlupu@gmail.com">drorlupu@gmail.com</a>&gt; wrote:<br>

<br>

&gt; Hi Guys,<br>

&gt;<br>

&gt; I&#39;ve done the steps for TLS setup as shown on the Wiki (using the server&#39;s<br>

IP address in CN and ALT), but I can&#39;t get TLS to work (UDP/TCP works fine).<br>

&gt; All certificates seem to be in place and generated correctly.<br>

&gt; I get this error, when using Linphone (I installed the root CA on my<br>

machine).<br>

&gt; 1.  tport.c:2745 tport_wakeup_pri() tport_wakeup_pri(0xb5062a60):<br>

&gt; events IN 2.  tport.c:869 tport_alloc_secondary()<br>

&gt; tport_alloc_secondary(0xb5062a60): new secondary tport 0xb67c0410 3.<br>

&gt; tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0xb67c0410):<br>

&gt; new connection from tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a> 4.  tport_tls.c:873<br>

&gt; tls_connect() tls_connect(0xb67c0410): events NEGOTIATING 5.<br>

&gt; tport_tls.c:873 tls_connect() tls_connect(0xb67c0410): events<br>

&gt; NEGOTIATING 6.  tport_tls.c:962 tls_connect() tls_connect(0xb67c0410):<br>

&gt; TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>

&gt; 7.  tport.c:2092 tport_close() tport_close(0xb67c0410):<br>

tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a><br>

&gt; 8.<br>

&gt; Any ideas?<br>

&gt;<br>

&gt; Thanks in advance,<br>

<br>

<br>

<br>

</div></div>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

</blockquote></div><br></div>