[SIP Beyond VoIP] Msrp relay and opensips, tls encryption certificate issues
martin-n at rambler.ru
Sun Feb 8 17:56:23 CET 2015
Hello. I'm using the MSRP Relay with the sip server. My sip server is working
using the tls encryption, with the server and client side certificate
verification. I also want the same verification for the MSRP Relay, so I
generated the CA and msrprelay certs using:
So I get msrprelay.crt, msrprelay.key and ca.crt, ca.key. For the testing I'm using
the SIP Blink client. I already have the server cert for the opensips server set in
blink, and a certificate authority for the opensips server. So I appended the msrp
relay ca.crt to my server-calist.pem, but when I try to start a chat
session with someone I get the error:
debug: 192.x.x.x:49273 (<- my ip) (NEW): Connection lost: peer rejected our
certificate as invalid
So the question is: is the ca.crt enough on the client side to set up the
verification on msrp relay? Do I need to add the ca.crt to my msrp config? Do I
need to add the msrp CA.crt to the opensips server-calist authority used on
the opensips config is:
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = SSLv23
tls_certificate = "/usr/local/etc/opensips/tls/server/server-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/server/server-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/server/server-calist.pem" <-- this
must contain also the ca.crt from msrp relay?
Here is my msrp config.ini:
certificate = /var/msrprelay/msrprelay/tls/msrprelay.crt
key = /var/msrprelay/msrprelay/tls/msrprelay.key
address = 0.0.0.0:2855
log_failed_auth = yes
backend = database
Thank you for support.
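
The trust check behind the error above can be reproduced offline with openssl. This is an added example, not part of the original post: it builds two constructed CAs and a relay certificate in a temp dir and shows that the relay certificate validates against a CA bundle only once its issuing ca.crt has been appended. The file names reuse those from the post; the subject names and the function names are assumptions.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated in a temp dir.
set -e

make_ca() {    # $1 = output basename, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_leaf() {  # $1 = output basename, $2 = subject CN, $3 = CA basename
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

chain_ok() {   # $1 = CA bundle, $2 = certificate; prints yes or no
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

key_matches() {  # $1 = certificate, $2 = private key; prints yes or no
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    if [ "$a" = "$b" ]; then echo yes; else echo no; fi
}

demo() {       # prints: <chain before append> <chain after append> <key match>
    d=$(mktemp -d)
    make_ca "$d/sipca" "Constructed SIP CA"      # stands in for the opensips CA
    make_ca "$d/ca" "Constructed MSRP CA"        # stands in for the relay's ca.crt
    make_leaf "$d/msrprelay" "relay.example.invalid" "$d/ca"
    cp "$d/sipca.crt" "$d/server-calist.pem"     # bundle without the relay CA
    before=$(chain_ok "$d/server-calist.pem" "$d/msrprelay.crt")
    cat "$d/ca.crt" >> "$d/server-calist.pem"    # append the relay CA
    after=$(chain_ok "$d/server-calist.pem" "$d/msrprelay.crt")
    match=$(key_matches "$d/msrprelay.crt" "$d/msrprelay.key")
    rm -rf "$d"
    echo "$before $after $match"
}

demo
```

The same `chain_ok` and `key_matches` calls can be pointed at the real msrprelay.crt, msrprelay.key and server-calist.pem. They cover only the chain and the key pairing, not the name check a TLS peer may also perform.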