ā04-15-2024 01:05 AM
My expressway version is X12.6.1,Mutual TLS mode is on, both the CA certificate and the server certificate have been imported, then
configured an dns zone with TLS verify mode is on ,also have TLS verify subject name,
When I initiated the call, I found that the DNS first queried an SRV record containing port number 5062, but the expressway continued to query the A record and finally initiated a connection to port 5060 on the other end, instead of using port 5062
Solved! Go to Solution.
ā04-16-2024 01:00 AM
Every possible issue is there in your screenshots^^
Why is the SRV record resolved to an IP address? SRV records are resolved to A-Records (FQDN). And then the corrisponding A-Record is resolved to an IP address
You cannot even establish a secure connection on port 5061. The TLS negotiation is cancelled (see your second screenshot).
and your last screenshot provides you with why:
ā04-16-2024 11:06 PM
If you problem could be resolved, I would appreciate an "accepted solution"
ā04-15-2024 01:12 AM
You should update your Expressway. X12.6.1 is a veeery old version.
About your problem: Why should the Expressway not query the A record? How else should the Expressway find the IP address?
Maybe port 5062 is not enabled on the other side, or doesn't support mTLS? Maybe you should check the other side first, instead of looking for an issue in Exp.
ā04-15-2024 02:00 AM
other side mtls is enable and 5062 is listening,expressway check connectivity is ok
ā04-15-2024 02:02 AM
Have you checked the network logs? Have you checked the pcap trace?
Without any logs, it could be anything.
ā04-15-2024 07:42 PM
ā04-16-2024 01:00 AM
Every possible issue is there in your screenshots^^
Why is the SRV record resolved to an IP address? SRV records are resolved to A-Records (FQDN). And then the corrisponding A-Record is resolved to an IP address
You cannot even establish a secure connection on port 5061. The TLS negotiation is cancelled (see your second screenshot).
and your last screenshot provides you with why:
ā04-16-2024 08:03 PM
Thank you , my problem is solved. The reason is that the IP address is directly filled in the SRV record.
ā04-16-2024 11:06 PM
If you problem could be resolved, I would appreciate an "accepted solution"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide