[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Linphone-users] TLS handshake failiure
|
From: |
Dennis Filder |
|
Subject: |
[Linphone-users] TLS handshake failiure |
|
Date: |
Tue, 7 Sep 2021 23:05:33 +0200 |
On Tue, Sep 07, 2021 at 02:24:41PM -0500, Trent Creekmore wrote:
> Got a valid certificate from Sectigo, and the same certificate is being used
> for SSL access to the PBX. I was able to connect via TLS shortly after
> installing the certificate, but unable to connect now.
You could be a bit more precise here: Do you mean you also use it for
HTTPS?
> Using it in FreePBX, and also turned off the "Verify Client" and "Verify
> Server."
>
>
> "2021-09-07 14:06:10:860 [org.linphone/belle-sip] ERROR Channel
> [0x784ae480]: SSL handshake failed : X509 - Certificate verification failed,
> e.g. CRL, CA or signature check failed"
>
>
> Version is 4.5.1
Do you have the Sectigo CA certificate in your CA store(s)? Linphone
uses whatever is configured in linphonerc under section "[sip]" with
the key "root_ca" (on my system the value is "/etc/ssl/certs").
If adding that doesn't make it work you've got many hours of looking
at output of openssl's s_client ahead of you. Common issues:
* someone doesn't send the intermediate certificates
* interoperability issues (rare, but possible)
* using a self-signed certificate (probably irrelevant here)
Good luck.