[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Linphone-users] TLS handshake failiure

From: Dennis Filder
Subject: [Linphone-users] TLS handshake failiure
Date: Tue, 7 Sep 2021 23:05:33 +0200

On Tue, Sep 07, 2021 at 02:24:41PM -0500, Trent Creekmore wrote:
> Got a valid certificate from Sectigo, and the same certificate is being used
> for SSL access to the PBX. I was able to connect via TLS shortly after
> installing the certificate, but unable to connect now.

You could be a bit more precise here: Do you mean you also use it for

> Using it in FreePBX, and also turned off the "Verify Client" and "Verify
> Server."
> "2021-09-07 14:06:10:860 [org.linphone/belle-sip] ERROR Channel
> [0x784ae480]: SSL handshake failed : X509 - Certificate verification failed,
> e.g. CRL, CA or signature check failed"
> Version is 4.5.1

Do you have the Sectigo CA certificate in your CA store(s)?  Linphone
uses whatever is configured in linphonerc under section "[sip]" with
the key "root_ca" (on my system the value is "/etc/ssl/certs").

If adding that doesn't make it work you've got many hours of looking
at output of openssl's s_client ahead of you.  Common issues:

* someone doesn't send the intermediate certificates
* interoperability issues (rare, but possible)
* using a self-signed certificate (probably irrelevant here)

Good luck.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]