#
# $Id$
#
# Example Kamailio TLS Configuration File
#
# NOTE(review): line breaks were lost when this file was pasted; the layout
# below is restored from the visible comment markers, section headers and
# key = value pairs. No key or value has been changed.
#

# This is the default server domain, settings
# in this domain will be used for all incoming
# connections that do not match any other server
# domain in this configuration file.
#
# We do not enable anything else than TLSv1
# over the public internet. Clients do not have
# to present client certificates by default.
#
[server:default]
# NOTE(review): this contradicts the comment above. In the Kamailio tls
# module SSLv23 is the "negotiate anything" method: it accepts SSLv2/SSLv3
# as well as TLS wherever the OpenSSL build still offers them. To match the
# stated intent, pin a TLS-only method (the commented-out block at the end
# of this file uses TLSv1).
method = SSLv23
# Client certificates are neither required nor verified for incoming
# connections, as the comment above describes.
verify_certificate = no
require_certificate = no
#crl = /etc/kazoo/kamailio/certs/crl.pem
#certificate = /etc/kazoo/kamailio/certs/cert.pem
# Certificate, private key and CA bundle must all be readable by the account
# kamailio runs as. The private key should be readable by that account only.
certificate = /etc/kazoo/kamailio/certs/STAR_my_com.crt
#private_key = /etc/kazoo/kamailio/certs/key.pem
private_key = /etc/kazoo/kamailio/certs/server.key
#ca_list = /etc/kazoo/kamailio/certs/ca.pem
ca_list = /etc/kazoo/kamailio/certs/STAR_my_com.ca-bundle

# This is the default client domain, settings
# in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present valid certificate.
#
[client:default]
# NOTE(review): this contradicts the comment above. With
# verify_certificate = no, outgoing TLS connections accept whatever
# certificate the remote server presents, so the peer is not authenticated
# and the link can be intercepted. Requiring a valid server certificate means
# verify_certificate = yes plus a ca_list to verify against; none is set in
# this section.
verify_certificate = no
require_certificate = no

# This is an example server domain for TLS connections
# received from the loopback interface. We allow
# the use of SSLv2 and SSLv3 protocols here, we do
# not require that clients present client certificates
# but if they present it it must be valid. We also use
# a special certificate and CA list for loopback
# interface.
#
[server:127.0.0.1:5061]
# NOTE(review): the startup log posted with this file reports
# "TLSs<127.0.0.1:5061>: No listening socket found" for this domain, so a
# matching TLS listen socket appears to be missing from the main config.
method = SSLv23
# NOTE(review): the comment above says a presented client certificate must
# be valid, but verification is switched off here, so it is not checked.
verify_certificate = no
require_certificate = no
private_key = /etc/kazoo/kamailio/certs/key.pem
certificate = /etc/kazoo/kamailio/certs/cert.pem
# Presumably has no effect while verify_certificate = no; confirm.
verify_depth = 3
# Points at the same file as certificate above, not at a separate CA list.
ca_list = /etc/kazoo/kamailio/certs/cert.pem
#crl = /etc/kazoo/kamailio/certs/local_crl.pem

# Alternative loopback domain, read here as fully commented out. It pins
# TLSv1 and turns client-certificate verification on.
#[server:127.0.0.1:5061]
#method = TLSv1
#verify_certificate = yes
#require_certificate = yes
#private_key = /etc/kazoo/kamailio/certs/server.key
#certificate = /etc/kazoo/kamailio/certs/STAR_my_com.crt
#verify_depth = 3
#ca_list = /etc/kazoo/kamailio/certs/STAR_my_com.ca-bundle
#crl = /etc/kazoo/kamailio/certs/local_crl.pem
Jan 8 07:04:11 kazoo2 kamailio: WARNING: <core> [cfg.y:3544]: warn_at(): warning in config file /etc/kazoo/kamailio/default.cfg, line 570, column 16-52: constant value in if(...)
Jan 8 07:04:11 kazoo2 kamailio: INFO: <core> [tcp_main.c:4846]: init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
Jan 8 07:04:12 kazoo2 kamailio[4258]: INFO: rr [../outbound/api.h:49]: ob_load_api(): Failed to import bind_ob
Jan 8 07:04:12 kazoo2 kamailio[4258]: INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
Jan 8 07:04:12 kazoo2 kamailio[4258]: INFO: db_text [dbt_base.c:99]: dbt_init(): using database at: /etc/kazoo/kamailio/dbtext
Jan 8 07:04:12 kazoo2 kamailio[4258]: INFO: auth [auth_mod.c:350]: mod_init(): auth: qop set, but nonce-count (nc_enabled) support disabled
Jan 8 07:04:12 kazoo2 kamailio[4258]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
Jan 8 07:04:12 kazoo2 kamailio[4258]: INFO: db_text [dbt_base.c:99]: dbt_init(): using database at: /etc/kazoo/kamailio/dbtext
Jan 8 07:04:12 kazoo2 kamailio[4258]: ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<127.0.0.1:5061>: No listening socket found
Jan 8 07:04:12 kazoo2 kamailio[4258]: ERROR: <core> [sr_module.c:939]: init_mod(): init_mod(): Error while initializing module tls (/usr/lib64/kamailio/modules/tls.so)
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: <core> [udp_server.c:230]: probe_max_receive_buffer(): INFO: udp_init: SO_RCVBUF is finally 524288
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: <script>: SUBSCRIBE { 'exchange' : 'dialoginfo' , 'type' : 'direct', 'queue' : 'BLF-QUEUE-kazoo2.domain.com', 'routing' : 'BLF-kazoo2.domain.com', 'auto_delete' : 0, 'durable' : 1, 'no_ack' : 0, 'wait_for_consumer_ack' : 1 }
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:274]: fill_missing(): TLSs<default>: tls_method=9
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:286]: fill_missing(): TLSs<default>: certificate='/etc/kazoo/kamailio/certs/STAR_my_com.crt'
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:293]: fill_missing(): TLSs<default>: ca_list='/etc/kazoo/kamailio/certs/STAR_my_com.ca-bundle'
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:300]: fill_missing(): TLSs<default>: crl='(null)'
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:304]: fill_missing(): TLSs<default>: require_certificate=1
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:311]: fill_missing(): TLSs<default>: cipher_list='(null)'
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:318]: fill_missing(): TLSs<default>: private_key='/etc/kazoo/kamailio/certs/server.key'
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:322]: fill_missing(): TLSs<default>: verify_certificate=1
Jan 13 01:11:16 kazoo2 kamailio[16108]: INFO: tls [tls_domain.c:325]: fill_missing(): TLSs<default>: verify_depth=9
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: tls [tls_domain.c:504]: load_cert(): TLSs<default>: Unable to load certificate file '/etc/kazoo/kamailio/certs/STAR_my_com.crt'
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: tls [tls_domain.c:505]: load_cert(): load_cert:error:0200100D:system library:fopen:Permission denied
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: tls [tls_domain.c:505]: load_cert(): load_cert:error:20074002:BIO routines:FILE_CTRL:system lib
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: tls [tls_domain.c:505]: load_cert(): load_cert:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: <core> [sr_module.c:896]: init_mod_child(): init_mod_child(): Error while initializing module tls (/usr/lib64/kamailio/modules/tls.so)
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: <core> [main.c:1594]: main_loop(): ERROR: main: error in init_child(PROC_INT) -- exiting
Jan 13 01:11:16 kazoo2 kamailio[16108]: ERROR: ctl [ctl.c:379]: mod_destroy(): ERROR: ctl: could not delete unix socket /tmp/kamailio_ctl: Operation not permitted (1)
Well, it says it’s a permissions error, so it still must be one, but it could be something like SELinux too. You could try temporarily (as a test) moving the certificate file to /tmp/ and changing the config to load it from there (the certificate only; leave the private key where it is). If that works, you still have to keep hunting for the cert permission issue, but at least it will confirm that this is really the problem.
--
Hello All,
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_domain.c:1095]: load_private_key(): TLSs<default>: Unable to load private key '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_domain.c:1095]: load_private_key(): TLSs<default>: Unable to load private key '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: tls [tls_domain.c:1103]: load_private_key(): TLSs<default>: Unable to load private key file '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: <core> [sr_module.c:929]: init_mod_child(): Error while initializing module tls (/usr/lib64/kamailio/modules/tls.so)
Sep 15 22:39:34 vpbx1 kamailio[1860]: ERROR: <core> [main.c:1533]: main_loop(): error in init_child(PROC_INT) -- exiting
Sep 15 22:39:34 vpbx1 kamailio[1860]: WARNING: <core> [mem/q_malloc.c:429]: qm_free(): WARNING:qm_free: free(0) called from kazoo: kz_amqp.c: kz_amqp_destroy_server(577)
“No start line”
Perhaps you have the wrong content in the file. The file appears to be readable, but the key itself can’t be found in it. The “start line” is the PEM header (the `-----BEGIN ... PRIVATE KEY-----` line); it is missing, so the file can’t be used as a private key. This probably means you have the wrong key.
Sep 16 15:17:43 vpbx1 kamailio: DEBUG: <core> [re.c:505]: subst_str(): no match
Sep 16 15:17:43 vpbx1 kamailio: DEBUG: <core> [cfg.lex:1850]: pp_define_get(): ### returning define ID [L_INFO] value [2]
Sep 16 15:17:43 vpbx1 kamailio: WARNING: <core> [cfg.y:3409]: warn_at(): warning in config file default.cfg, line 83, column 16-18: sctp support not compiled in
Sep 16 15:17:43 vpbx1 kamailio: WARNING: <core> [cfg.y:3412]: warn_at(): warning in config file registrar-role.cfg, line 136, column 24: non-int expression (you might want to use casts)#012
Sep 16 15:17:43 vpbx1 kamailio: INFO: tls [tls_init.c:403]: init_tls_compression(): tls: init_tls: disabling compression...
Sep 16 15:17:43 vpbx1 kamailio: INFO: <core> [tcp_main.c:4657]: init_tcp(): using epoll_lt as the io watch method (auto detected)
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: rr [../outbound/api.h:54]: ob_load_api(): unable to import bind_ob - maybe module is not loaded
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: rr [rr_mod.c:174]: mod_init(): outbound module not available
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: db_text [dbt_base.c:92]: dbt_init(): using database at: /etc/kazoo/kamailio/dbtext
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: auth [auth_mod.c:333]: mod_init(): auth: qop set, but nonce-count (nc_enabled) support disabled
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: usrloc [hslot.c:51]: ul_init_locks(): locks array size 1024
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: db_text [dbt_base.c:92]: dbt_init(): using database at: /etc/kazoo/kamailio/dbtext
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_mod.c:362]: mod_init(): With ECDH-Support!
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_mod.c:365]: mod_init(): With Diffie Hellman
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: permissions [parse_config.c:251]: parse_config_file(): file not found: /etc/kazoo/kamailio/permissions.allow
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: permissions [permissions.c:608]: mod_init(): default allow file (/etc/kazoo/kamailio/permissions.allow) not found => empty rule set
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: permissions [parse_config.c:251]: parse_config_file(): file not found: /etc/kazoo/kamailio/permissions.deny
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: permissions [permissions.c:617]: mod_init(): default deny file (/etc/kazoo/kamailio/permissions.deny) not found => empty rule set
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: db_text [dbt_base.c:92]: dbt_init(): using database at: /etc/kazoo/kamailio/dbtext
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: db_text [dbt_base.c:92]: dbt_init(): using database at: /etc/kazoo/kamailio/dbtext
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_init.c:591]: init_tls_h(): tls: _init_tls_h: compiled with openssl version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos support: on, compression: on
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_init.c:599]: init_tls_h(): tls: init_tls_h: installed openssl library version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos support: on, zlib compression: on#012 compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
Sep 16 15:17:43 vpbx1 kamailio[24582]: WARNING: tls [tls_init.c:648]: init_tls_h(): tls: openssl bug #1491 (crash/mem leaks on low memory) workarround disabled
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [cfg/cfg_ctx.c:608]: cfg_set_now(): INFO: cfg_set_now(): tls.low_mem_threshold2 has been changed to 40108032
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:150]: probe_max_receive_buffer(): SO_RCVBUF is initially 124928
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:200]: probe_max_receive_buffer(): SO_RCVBUF is finally 249856
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:150]: probe_max_receive_buffer(): SO_RCVBUF is initially 124928
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:200]: probe_max_receive_buffer(): SO_RCVBUF is finally 249856
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:150]: probe_max_receive_buffer(): SO_RCVBUF is initially 124928
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:200]: probe_max_receive_buffer(): SO_RCVBUF is finally 249856
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:150]: probe_max_receive_buffer(): SO_RCVBUF is initially 124928
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: <core> [udp_server.c:200]: probe_max_receive_buffer(): SO_RCVBUF is finally 249856
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:276]: fill_missing(): TLSs<default>: tls_method=3
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:288]: fill_missing(): TLSs<default>: certificate='/etc/kazoo/kamailio/certs/CACertificate-INTERMEDIATE-1.cer'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:295]: fill_missing(): TLSs<default>: ca_list='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:302]: fill_missing(): TLSs<default>: crl='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:306]: fill_missing(): TLSs<default>: require_certificate=0
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:313]: fill_missing(): TLSs<default>: cipher_list='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:320]: fill_missing(): TLSs<default>: private_key='/etc/kazoo/kamailio/certs/private_key.txt'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:324]: fill_missing(): TLSs<default>: verify_certificate=0
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:327]: fill_missing(): TLSs<default>: verify_depth=9
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:671]: set_verification(): TLSs<default>: No client certificate required and no checks performed
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:276]: fill_missing(): TLSc<default>: tls_method=12
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:288]: fill_missing(): TLSc<default>: certificate='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:295]: fill_missing(): TLSc<default>: ca_list='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:302]: fill_missing(): TLSc<default>: crl='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:306]: fill_missing(): TLSc<default>: require_certificate=0
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:313]: fill_missing(): TLSc<default>: cipher_list='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:320]: fill_missing(): TLSc<default>: private_key='(null)'
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:324]: fill_missing(): TLSc<default>: verify_certificate=0
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:327]: fill_missing(): TLSc<default>: verify_depth=9
Sep 16 15:17:43 vpbx1 kamailio[24582]: INFO: tls [tls_domain.c:674]: set_verification(): TLSc<default>: Server MAY present invalid certificate
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_domain.c:1095]: load_private_key(): TLSs<default>: Unable to load private key '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_domain.c:1095]: load_private_key(): TLSs<default>: Unable to load private key '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_domain.c:1095]: load_private_key(): TLSs<default>: Unable to load private key '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_private_key:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: tls [tls_domain.c:1103]: load_private_key(): TLSs<default>: Unable to load private key file '/etc/kazoo/kamailio/certs/private_key.txt'
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: <core> [sr_module.c:929]: init_mod_child(): Error while initializing module tls (/usr/lib64/kamailio/modules/tls.so)
Sep 16 15:17:43 vpbx1 kamailio[24582]: ERROR: <core> [main.c:1533]: main_loop(): error in init_child(PROC_INT) -- exiting
Sep 16 15:17:43 vpbx1 kamailio[24582]: WARNING: <core> [mem/q_malloc.c:429]: qm_free(): WARNING:qm_free: free(0) called from kazoo: kz_amqp.c: kz_amqp_destroy_server(577)