<div dir="ltr">It's what it will look at if nothing is defined. What exactly have you set up so far for TLS?<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 12, 2014 at 9:08 PM, Michael Collins <span dir="ltr"><<a href="mailto:msc@freeswitch.org" target="_blank">msc@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Hello all,<br><br></div>I have been attempting to set up a CentOS (yeah, I know...) system for a buddy and the TLS on the internal profile is causing a failure. I did a sofia loglevel tport 9 and then loaded the internal profile. I see a curious reference to /usr/conf/ssl/tls.pem:<br><br><font size="1"><span style="font-family:courier new,monospace">2014-11-12 18:51:26.223262 [DEBUG] sofia.c:2747 Creating agent for internal<br>tport.c:498 tport_tcreate() tport_create(): 0x7f0cf8046840<br>tport.c:1615 tport_bind_server() tport_bind_server(0x7f0cf8046840) to */EXTERN_IP_ADDR:5060/sip<br>tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840): calling tport_listen for udp<br>tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new primary tport 0x7f0cf8021be0<br>tport.c:751 tport_listen() tport_listen(0x7f0cf8021be0): listening at udp/EXTERN_IP_ADDR:5060/sip<br>tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840): calling tport_listen for tcp<br>tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new primary tport 0x7f0cf8070d30<br>tport.c:751 tport_listen() tport_listen(0x7f0cf8070d30): listening at tcp/EXTERN_IP_ADDR:5060/sip<br>tport.c:1615 tport_bind_server() tport_bind_server(0x7f0cf8046840) to tls/EXTERN_IP_ADDR:5061/sips<br>tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840): calling tport_listen for tls<br>tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new primary tport 
0x7f0cf8066c90<br><span style="color:rgb(255,0,0)">tport_type_tls.c:239 tport_tls_init_master() tport_tls_init_master(0x7f0cf8066c90): tls key = /usr/conf/ssl/tls.pem<br>tport_tls.c:353 tls_init_context() tls_init_context: invalid local certificate: /usr/conf/ssl/tls.pem<br></span>tport_tls.c:158 tls_log_errors() tls_init_context: 0200100d:system library:fopen:Permission denied<br>tport_tls.c:158 tls_log_errors() tls_init_context: 20074002:BIO routines:FILE_CTRL:system lib<br>tport_tls.c:158 tls_log_errors() tls_init_context: 140ad002:SSL routines:SSL_CTX_use_certificate_file:system lib<br>tport_tls.c:367 tls_init_context() tls_init_context: invalid private key: /usr/conf/ssl/tls.pem<br>tport_tls.c:158 tls_log_errors() tls_init_context(key): 0200100d:system library:fopen:Permission denied<br>tport_tls.c:158 tls_log_errors() tls_init_context(key): 20074002:BIO routines:FILE_CTRL:system lib<br>tport_tls.c:158 tls_log_errors() tls_init_context(key): 140b0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib<br>tport_tls.c:379 tls_init_context() tls_init_context: private key does not match the certificate public key<br>tport_tls.c:391 tls_init_context() tls_init_context: error loading CA list: cafile.pem<br>tport_tls.c:158 tls_log_errors() tls_init_context(CA): 140a80b1:SSL routines:SSL_CTX_check_private_key:no certificate assigned<br>tport_tls.c:158 tls_log_errors() tls_init_context(CA): 02001002:system library:fopen:No such file or directory<br>tport_tls.c:158 tls_log_errors() tls_init_context(CA): 2006d080:BIO routines:BIO_new_file:no such file<br>tport_tls.c:158 tls_log_errors() tls_init_context(CA): 0b084002:x509 certificate routines:X509_load_cert_crl_file:system lib<br>tport.c:727 tport_listen() tport_listen(0x7f0cf8046840): tls_init_master(pf=2 tls/[EXTERN_IP_ADDR]:5061): Input/output error<br>tport.c:555 tport_destroy() tport_destroy(0x7f0cf8046840)<br>2014-11-12 18:51:26.223262 [ERR] sofia.c:2847 Error Creating SIP UA for profile: internal 
(sip:mod_sofia@EXTERN_IP_ADDR:5060;transport=udp,tcp) ATTEMPT 1 (RETRY IN 5 SEC)<br></span></font><br></div>I can't find any tls.pem file referred to in any config file and a google search of "tls.pem" yields many references to agent.pem, key.pem, foo.pem but never "tls.pem"... <br><br></div>The gentls stuff in the wiki all seemed to work as I saw no errors and I got agent.pem and cafile.pem and other miscellaneous files. Any thoughts on this?<br><br></div>Thanks!<span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888">-MC<br><br></font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
</div></div>
</div>
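<p>An added example, not part of the original thread or of FreeSWITCH/Sofia-SIP: a small triage script that reads the tport TLS lines quoted above, pairs each failed load step with the file it named and the OS-level reason from the OpenSSL error queue, and flags the "private key does not match" message as a consequence of the certificate never loading. The sample input is constructed by trimming the quoted log; the function names are hypothetical.</p>

```python
import re

# Constructed sample: a trimmed copy of the tport lines quoted in the message above.
SAMPLE_LOG = """\
tport_type_tls.c:239 tport_tls_init_master() tport_tls_init_master(0x7f0cf8066c90): tls key = /usr/conf/ssl/tls.pem
tport_tls.c:353 tls_init_context() tls_init_context: invalid local certificate: /usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context: 0200100d:system library:fopen:Permission denied
tport_tls.c:158 tls_log_errors() tls_init_context: 20074002:BIO routines:FILE_CTRL:system lib
tport_tls.c:367 tls_init_context() tls_init_context: invalid private key: /usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context(key): 0200100d:system library:fopen:Permission denied
tport_tls.c:379 tls_init_context() tls_init_context: private key does not match the certificate public key
tport_tls.c:391 tls_init_context() tls_init_context: error loading CA list: cafile.pem
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 140a80b1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 02001002:system library:fopen:No such file or directory
"""

# A failed load step and the file path it was given.
STEP = re.compile(r"tls_init_context\(\) tls_init_context: "
                  r"(invalid local certificate|invalid private key|error loading CA list): (\S+)")
# OpenSSL error-queue entry as printed by tls_log_errors(): code:library:function:reason
ERR = re.compile(r"tls_log_errors\(\) \S+: ([0-9a-f]{8}):([^:]+):([^:]+):(.+)$")

def triage(log_text):
    """Return [(step, path, os_reason)] for each failed TLS file load."""
    findings, current = [], None
    for line in log_text.splitlines():
        step = STEP.search(line)
        if step:
            current = [step.group(1), step.group(2), None]
            findings.append(current)
            continue
        err = ERR.search(line)
        # The "system library" entry carries the errno text, i.e. the root cause.
        if err and current and err.group(2) == "system library" and current[2] is None:
            current[2] = err.group(4).strip()
    return [tuple(f) for f in findings]

def key_mismatch_is_cascade(log_text):
    """True when the mismatch message only reflects that no certificate was loaded."""
    return ("private key does not match" in log_text
            and "SSL_CTX_check_private_key:no certificate assigned" in log_text)

if __name__ == "__main__":
    for step, path, reason in triage(SAMPLE_LOG):
        print(f"{step}: {path} -> {reason}")
    print("key mismatch is a cascade:", key_mismatch_is_cascade(SAMPLE_LOG))
```

<p>On the quoted log this separates two distinct problems: the process cannot read /usr/conf/ssl/tls.pem (permissions), and the relative path cafile.pem does not resolve to an existing file.</p>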