Author Topic: Are compatible OpenSSL module with lets encrypt certs?  (Read 61 times)

Anton

  • Newbie
  • *
  • Posts: 21
    • View Profile
Are compatible OpenSSL module with lets encrypt certs?
« on: April 01, 2020, 04:07:09 AM »
Hello dear Community.

I have letsencrypt certbot generated files:
privkey.pem - rsa private key,
cert.pem - signed certificate,
chain.pem - chain of letsencrypt certs,
fullchain.pem - chain of letsencript certs with cert.pem

ysipchan.conf:
ssl_certificate_file=fullchain.pem
ssl_key_file=privkey.pem
[listener SIPTLS]
enabled=yes
default=no
type=tls
addr=x.x.x.x
port=5061
sslcontext=server_context

openssl.conf
[server_context]
enable=yes
domains=*.mydomain,ip1,ip2
certificate=fullchain.pem
key=privkey.pem

regexroute.conf
[outgoing]
^123.*=sip/sip:otherserver;oip=ip1;oip_transport=tls;oconnection_id=SIPTLS

TEST
openssl s_client -connect myserver:5061 = cert is OK
openssl s_client -connect otherserver:5061 = cert is OK
call from myserver to otherserver = TIMEOUT
yate.log:
<openssl:WARN> Certificate verify error 20: UNABLE_TO_GET_ISSUER_CERT_LOCALLY

May be someone have experience with yate sip tls and letsencrypt certs?

Best regards,
Anton
« Last Edit: April 01, 2020, 04:26:27 AM by Anton »