Jump to content

Problem with Skype SIP connection


Kenny Munro

Recommended Posts

We have one of those Skype SIP Connect lines into our system which has been working fine for several months. All of a sudden, it's no longer registering and we're getting this in the log:

 

[1] 2011/06/07 22:03:34: TCP: TOS could not be set, code 0

[4] 2011/06/07 22:03:34: Certificate for VeriSign Class 3 Public Primary Certification Authority - G5 not available

[5] 2011/06/07 22:04:06: Registration on trunk 5 (SKYPE Connect) failed. Retry in 60 seconds

 

In the certificate screen I have this:

 

VeriSign Class 3 Public Primary Certification Authority - G5 Rejected Root CA for server authentication

 

I've tried deleting the cert but it just reloads it when it next registers.

 

I'm all out of idea - any suggestions?

 

Thanks,

Kenny

Link to comment
Share on other sites

[5] 2011/06/07 22:04:06: Registration on trunk 5 (SKYPE Connect) failed. Retry in 60 seconds

 

The registration failure indicates that PBX received either an error from the provider or PBX could not reach the provider (timeout scenario). The PBX SIP log (or wireshark tracing on the PBX) would give some clues regarding why this is failing.

Link to comment
Share on other sites

Well obviously Skype turned on TLS transport layer (great thing) and use a certificate signed by VeriSign (also a great thing). What you need to do is import the VeriSign Root in the certificates section of the PBX (see http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem). I hope it is the right one.

 

-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----

Link to comment
Share on other sites

  • 6 months later...

The latest version which has been released just before Christmas should have the certificate built-in. If you upgrade, make sure that you delete all certificates from the list of certificates or just remove the whole working directory (at least the certificates directory) from your install before restarting the service.

 

If you get 404 the problem might be a different one. Maybe you are subscribing to the wrong number. Lets see if we can come up with an updated description on how to connect snom ONE to Skype.

Link to comment
Share on other sites

The latest version which has been released just before Christmas should have the certificate built-in. If you upgrade, make sure that you delete all certificates from the list of certificates or just remove the whole working directory (at least the certificates directory) from your install before restarting the service.

 

If you get 404 the problem might be a different one. Maybe you are subscribing to the wrong number. Lets see if we can come up with an updated description on how to connect snom ONE to Skype.

 

The latest release on http://wiki.snomone.com/index.php?title=Upgrades shows the last one was released in November, is there a new spot I should be looking?

 

Daniel

Link to comment
Share on other sites

  • 2 weeks later...

I am running 4.5 and having the same issue with skype, the certificate is not preinstalled, the one above did not work, I downloaded from http://www.verisign.com/support/roots.html I still get 408 Request Timeout (Registration failed, retry after 60 seconds) under certificates I get VeriSign Class 3 Secure Server CA - G3

 

Rejected Root CA for server authentication, although I have a valid certificate with the same name.

log

Certificate could not be verified

 

SIP 63.209.144.201:5061: process_server_hello(03014f179c5ad0b76f171eff5e213d1c675147d7d543a72144350597deb38387aabc2037f85536e7a3394e0aab6209c5dfc4ada7f95f0e86bee51cacf59dc55d4c479c000500)

 

 

 

[9] 2012/01/18 23:30:19:

 

SIP 63.209.144.201:5061: [37f85536] process_certificate(000fef0005223082051e30820406a0030201020210692cf555a19f0ed924a024e335552cbe300d06092a864886f70d01010505003081b5310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312f302d06035504031326566572695369676e20436c61737320332053656375726520536572766572204341202d204733301e170d3131313130343030303030305a170d3132313130383233353935395a30818e310b3009060355040613024c55311330110603550408130a4c7578656d626f757267311330110603550407140a4c7578656d626f757267311e301c060355040a1415536b79706520546563686e6f6c6f67696573205341311d301b060355040b1414496e666f726d6174696f6e205365637572697479311630140603550403140d7369702e736b7970652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181009ab48af20b31f84ac503997c0282864db39f4cd9cb74447f5692a0496b3c0a31df47f0ae0ba0ec155c00cb3a111966763aa7a26adefca271dd8103e8a0fc7da57d114ac098b09734c4f83712f3b164b82e0cab0930715379295ea0122dcbe9a32f8251193b5afea8a686a7cd88f0e2be796dffc648660f6a20f3d1b94239301d0203010001a38201d1308201cd30090603551d1304023000300b0603551d0f0404030205a030450603551d1f043e303c303aa038a0368634687474703a2f2f5356525365637572652d47332d63726c2e766572697369676e2e636f6d2f53565253656375726547332e63726c30440603551d20043d303b3039060b6086480186f84501071703302a302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061301d0603551d250416301406082b0601050507030106082b06010505070302301f0603551d230418301680140d445c165344c1827e1d20ab25f40163d8be79a5307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d304006082b060105050730028634687474703a2f2f5356525365637572652d47332d6169612e766572697369676e2e636f6d2f53565253656375726547332e636572306e06082b0601050507010c04623060a15ea05c305a305830561609696d6167652f6769663021301f300706052b0e03021a04144b6bb92896060cbbd052389b29ac4b078b21051830261624687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f312e676966300d06092a864886f70d010105050003820101007b42ffecdeb7f695da8f3e0174a9a3df7e62dc547254064810bef59e35af8f5e6f86c7b28f1b03f64b853a3681be292454771223c7b0109eb52b44a2352c3dddb6540859279db9ad65728ee800a6844e067a0efd31f73d2ab3ab03e06c443d70d3224e1c7376bbd21142a163c4b468378148438e49a5830276974ec5bf164f8fb330d15f68c325bb05954cf614152d244ef5cf985df2cc727000459f26044eb63c50186ebdcf06073954ea519ef374515be7cbcff6c53a8d3db35eb047c4f02599bace07f1c56dbb56c49539bcb5130d13aa66e2ae0ac70dd2b49cd189a2bcb7669ce041192fd9dbcfaa41817ef9640c7758809233efdd8f9eab9d2f7f7ac6230004d4308204d030820439a0030201020210250ce8e030612e9f2b89f7054d7cf8fd300d06092a864886f70d0101050500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3036313130383030303030305a170d3231313130373233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a382019b30820197300f0603551d130101ff040530030101ff30310603551d1f042a30283026a024a0228620687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332e63726c300e0603551d0f0101ff040403020106303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d303e0603551d250437303506082b0601050507030106082b0601050507030206082b0601050507030306096086480186f8420401060a6086480186f845010801300d06092a864886f70d0101050500038181001302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff0005f0308205ec308204d4a00302010202106ecc7aa5a7032009b8cebcf4e952d491300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b5310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312f302d06035504031326566572695369676e20436c61737320332053656375726520536572766572204341202d20473330820122300d06092a864886f70d01010105000382010f003082010a0282010100b187841fc20c45f5bcab2597a7ada23e9cbaf6c139b88bcac2ac56c6e5bb658e444f4dce6fed094ad4af4e109c688b2e957b899b13cae23434c1f35bf3497b6283488174d188786c0253f9bc7f4326575833833b330a17b0d04e9124ad867d6412dc744a34a11d0aea961d0b15fca34b3bce6388d0f82d0c948610cab69a3dcaeb379c00483586295078e84563cd19414ff595ec7b98d4c471b350be28b38fa0b9539cf5ca2c23a9fd1406e818b49ae83c6e81fde4cd3536b351d369ec12ba566e6f9b57c58b14e70ec79ced4a546ac94dc5bf11b1ae1c6781cb445533997f249b3f53457f861af33cfa6d7f81f5b84ad3f585371cb5a6d009e4187b384efa0f0203010001a38201df308201db303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f72706130340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d36301d0603551d0e041604140d445c165344c1827e1d20ab25f40163d8be79a5301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101000c8324efddc30cd9589cfe36b6eb8a804bd1a3f79df3cc53ef829ea3a1e697c1589d756ce01d1b4cfad1c12d05c0ea6eb2227055d92033403307c26583fa8f43379bea0e9a6c70eef69c803bd937f47a6decd0187d494aca99c71928a2bed87724f78526866d8705404167d1273aeddc481d22cd0b0b8bbcf4b17bfdb499a8e9762ae11a2d876e74d388dd1e22c6df16b62b82140a945cf250ecafceff62370dad65d3064153ed0214c8b55828a1ace05becb37f954afb03c8ad26dbe66678124ad99f42fbe198e642839b8f8f6724e86119b5ddcdb50b26058ec36ec4c875b846cfe218065ea9aea8819a4716de0c286c2527b9deb78458c61f381ea4c4cb66)

 

 

 

[4] 2012/01/18 23:30:19:

 

Certificate could not be verified

 

Link to comment
Share on other sites

I tried going to the certificates folder and opening the certificate, and changing the rs to server, it will show up as trusted, however it will not work, it will add another certificate as rejected.

<?xml version="1.0" encoding="utf-8"?>

<row><public>---BEGIN CERTIFICATE---

MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCByjELMAkG

A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU

cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh

dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQ

cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcN

MjAwMjA3MjM1OTU5WjCBtTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu

MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1

c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy

aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUA

A4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG5btljkRPTc5v7QlK

1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8f0MmV1gzgzszChew0E6RJK2G

fWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDKtpo9yus3nABINYYpUHjoRWPNGUFP9ZXs

e5jUxHGzUL4os4+guVOc9cosI6n9FAboGLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7H

nO1KVGrJTcW/EbGuHGeBy0RVM5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoP

AgMBAAGjggHfMIIB2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw

LnZlcmlzaWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4

RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggr

BgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1UdHwQtMCswKaAn

oCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIB

BjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP

5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dv

LmdpZjAoBgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4E

FgQUDURcFlNEwYJ+HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8z

MTMwDQYJKoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB

WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6bezQGH1J

SsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majpdirhGi2HbnTTiN0e

IsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazgW+yzf5VK+wPIrSbb5mZ4EkrZ

n0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RY

xh84HqTEy2Y=

---END CERTIFICATE---

</public><subject>VeriSign Class 3 Secure Server CA - G3</subject><type>rs</type></row>

Link to comment
Share on other sites

We are having similar certificate issues.. but using a SoHo.. for which the alpha monocerotids release has not yet been made available (running 2011-4.3.0.5021 Linux). Can 'Pradeep' (?) or someone post or PM a certificate set that will allow this to work?? Many thanks for your kind attention.

Link to comment
Share on other sites

  • 5 months later...

I remember that our QA has skype trunk working in the lab. Not sure if Skype really supported TLS (even though the documentation says so). We will double check that.

 

BTW, did you check out this forum link - http://forum.snomone.com/index.php?/topic/4827-skype-connect-seems-to-be-not-compatible/page__p__21206__hl__skype__fromsearch__1#entry21206

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...