<div dir="ltr">hi , enable tport log on freeswith and post these log ...<div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jan 2, 2014 at 11:23 PM, Iskren Hadzhinedev <span dir="ltr">&lt;<a href="mailto:iskren.hadzhinedev@ikiji.com" target="_blank">iskren.hadzhinedev@ikiji.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div style="font-family:&#39;Roboto&#39;;font-size:9pt;font-weight:200;font-style:normal">
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">Greetings.</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">I&#39;m unable to setup TLS and SRTP. I have a valid certificate from GlobalSign and my setup is currently the following:</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">My certificate and key (merged with cat keyfile certfile &gt; agent.pem) in /opt/freeswitch/conf/ssl/agent.pem</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">The GlobalSign root certificate is in /opt/freeswitch/conf/ssl/cafile.pem</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">I edited vars.xml as instructed from <a href="http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS#Configuration</a></p>


<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">I tried running with tlsv1 and sslv23 in vars.xml, verified that FS is listening on ports 5061 and 5081 with netstat -nltp | grep freeswitch</p>


<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">Also I get TLS listeners with &quot;sofia status&quot; so it should be working. Connecting to ports 5061 and 5081 with openssl s_client connect freeswitch.lan:&lt;port&gt; is successful,</p>


<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">but I get a &#39;Verify return code: 21 (unable to verify the first certificate)&#39;. Running nginx with the agent.pem as a certificate is working without any issues.</p>


<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">When I try to connect to Freeswitch via TLS with Bria and Linphone 3.6.1 I get errors 408 or 503 and I don&#39;t see any output into the freeswitch console where I enabled sofia siptrace globally.</p>


<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">What is the correct way to setup Freeswitch with a commercial certificate in order to enable TLS and SRTP ?</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">Thank you!</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">Kind regards,</p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">-- </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><span style="font-family:&#39;liberation mono&#39;">Iskren Hadzhinedev</span></p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><span style="font-family:&#39;liberation mono&#39;">System Administrator</span></p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"> </p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><img src="cid:336718437@KDE"></p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><span style="font-family:&#39;liberation mono&#39;">The Idea Factory | 20 Mearns Street | Aberdeen | AB11 5AT | UK</span></p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><span style="font-family:&#39;liberation mono&#39;">T: 01224 607500</span></p>
<p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px"><span style="font-family:&#39;liberation mono&#39;">VAT Reg No: 982 4936 74. Company registered in Scotland, SC237116</span></p>

</div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>