Howto:Debugging SRTP/SIPS connections

From innovaphone-wiki

Jump to: navigation, search

What to do if no connection via SIP/TLS come about?

Error message in the trace:

 Remote server certificate mismatch: IP0010-2b-00-a3 (194.204.29.9)

If the above error message can be found in the trace, the TLS layer of the client has already accepted the Server-Zertifikat. Here it is the SIP stack that does not agree with the server certificate. The SIP stack opens a connection towards "194.204.29.9" and received certificate "IP0010-2b-00-a3" from the server. The mismatch irritates the SIP stack.

It would also irritate a web browser, if you're trying to connect with "banking.postbank.de" and the connected server presents a certificate for "blabla.nonsense.de". Even if the TLS layer has accepted certificate "blabla.nonsense.de" since it is an officially signed certificate. The web browser won't accept.

Certificate and connection destination must match!

Either you update the server certificate and add "194.204.29.9" as alternative name or you make the client open the connection towards "IP0010-2b-00-a3". In the seconds case you must make the client resolve "IP0010-2b-00-a3" into an ip address. You can add a local DNS entry for "IP0010-2b-00-a3" on the client box (Services/DNS/Hosts).

Personal tools