Author |
Message |
lperezu Brekeke Addict
Joined: 19 Aug 2013 Posts: 26
Location: Lima
|
Posted: Wed Mar 04, 2015 12:00 pm Post subject: TLS:peer not authenticated / TLS-failed |
|
|
1. Brekeke Product Name and Version:
Brekeke SIP Server 3.3.9.3/379-8
2. Java version:
1.7.0_25
3. OS type and the version:
Linux RedHat 6
4. UA (phone), gateway or other hardware/software involved:
Webrtc2sip
5. Your problem:
What is the cause of this message? :
TLS:peer not authenticated;
SIP return code = 603
TLS-failed
In Log File:
tls-listener: reject: incoming: XXX.XXX.XXX.XXX:57531 -> 0.0.0.0:5061: Couldn't create SSL session: SSLSession=[Session-1, SSL_NULL_WITH_NULL_NULL] at 03/05/15 12:24:44.120
I´m making calls from Webrtc implement (Webrtc2sip) to Avaya PBX through Brekeke Sip Server.
Please helpme. |
|
Back to top |
|
james Brekeke Master Guru
Joined: 10 Dec 2007 Posts: 501
|
Posted: Fri Mar 13, 2015 3:18 pm Post subject: |
|
|
lperezu,
Who sent SIP packet to the Brekeke SIP Server over TLS ?
Is it Webrtc2sip?
If so, you need to install the Brekeke SIP Server's TLS certificate in Webrtc2sip.
Are you using a self-signed certificate? |
|
Back to top |
|
tcares Brekeke Junior Member
Joined: 10 Jul 2015 Posts: 8
Location: San Diego
|
Posted: Wed Jul 15, 2015 2:16 pm Post subject: |
|
|
Hi,
I'm running into the same problem. I'm using a Linphone client on my iPhone to try and register with my SIP server. It works fine with UDP, but when I try TLS, I get that "Couldn't create SSL session:" error in the server logs.
In the Linphone client logs, it looks like it recognizes the cert (it is self-signed) but fails on the SSL handshake:
2015-07-15 14:08:48:865 MESSAGE Channel [0x10509c000]: Connected at TCP level, now doing TLS handshake
2015-07-15 14:08:48:869 MESSAGE Channel [0x10509c000]: SSL handshake in progress...
2015-07-15 14:08:48:962 ERROR Channel [0x10509c000]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
Maybe this is just a problem with the Linphone client, not sure. _________________ Tim |
|
Back to top |
|
snuyzm Brekeke Talented
Joined: 11 Feb 2015 Posts: 97
|
Posted: Wed Jul 15, 2015 4:50 pm Post subject: |
|
|
Is the certificate shown in the SIP Server's [Server Status] page? |
|
Back to top |
|
tcares Brekeke Junior Member
Joined: 10 Jul 2015 Posts: 8
Location: San Diego
|
Posted: Thu Jul 16, 2015 9:23 am Post subject: |
|
|
Yes, it is. Here's what it looks like:
Certificate Information
Certificate 1 Chain.1: Cert.1/1
Type X.509
Version 3
Serial# 00:e2:6a:b9:22:90:2c:8d:50
Validity valid, 07/15/15 23:41:53.000 - 07/12/25 23:41:53.000
Subject 1.2.840.113549.1.9.1=#16137463617265734062726574656c6f6e2e636f6d,CN=ec2-52-26-85-20.us-west-2.compute.amazonaws.com,OU=Software Development,O=Bretelon,L=San Diego,ST=CA,C=US
Issuer 1.2.840.113549.1.9.1=#16137463617265734062726574656c6f6e2e636f6d,CN=ec2-52-26-85-20.us-west-2.compute.amazonaws.com,OU=Software Development,O=Bretelon,L=San Diego,ST=CA,C=US
Signature Algorithm SHA1withRSA
Signature 256 bytes: 13:9d:df:cb:3c:97:fa:c8...
MD5 e2:ec:8d:8a:2f:a4:d8:1b:b2:f0:79:10:a9:ea:71:49
Key Algorithm RSA
Key Format X.509
Key Size 2048 _________________ Tim |
|
Back to top |
|
snuyzm Brekeke Talented
Joined: 11 Feb 2015 Posts: 97
|
|
Back to top |
|
tcares Brekeke Junior Member
Joined: 10 Jul 2015 Posts: 8
Location: San Diego
|
Posted: Thu Jul 16, 2015 9:54 am Post subject: |
|
|
Ah, okay, thank you. I can try rebuilding the app using source.
I actually have a Mac though I can get to a Windows machine if necessary. Do you have a recommendation on a Windows-based SIP client?
Thanks,
Tim _________________ Tim |
|
Back to top |
|
snuyzm Brekeke Talented
Joined: 11 Feb 2015 Posts: 97
|
Posted: Thu Jul 16, 2015 10:53 am Post subject: |
|
|
I'm using Linphone on Mac for my Brekeke SIP Server over TLS!
The file of root-CA is:
/Applications/Linphone.app/Contents/Resources/share/linphone/rootca.pem
If you use your own self-signed certificate, append it to the above pem file. |
|
Back to top |
|
tcares Brekeke Junior Member
Joined: 10 Jul 2015 Posts: 8
Location: San Diego
|
Posted: Thu Jul 16, 2015 12:13 pm Post subject: |
|
|
Thank you, I got the Mac client to work using your steps.
Tim _________________ Tim |
|
Back to top |
|
|