<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hello,</p>
    <div class="moz-cite-prefix">On 27.05.21 19:58, David Villasmil
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAFGRPVopC-HjDYm5yatm=3zDxjbW66jw7dFp97zboELmxF=pvQ@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div>Hello guys,<br>
        </div>
        <div><br>
        </div>
        <div>I want to test secsipid, but i don't yet have the
          certificate. So i thought i'd create a cert like:</div>
        <div><br>
        </div>
        <div>openssl req -new -newkey rsa:4096 -nodes -keyout
          snakeoil.key -out snakeoil.csr<br>
          openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey
          snakeoil.key -out snakeoil.pem<br>
        </div>
        <div><br>
        </div>
        <div>Then i'm simply doing:</div>
        <div><br>
        </div>
        <div><font face="monospace">$var(rc) =
            secsipid_add_identity("$fU", "$rU", "A", "", "<a
              href="https://kamailio.org/stir/$rd/cert.pem"
              target="_blank" style="" moz-do-not-send="true">https://somedomain.com/stir/$rd/cert.pem</a>",
            "/etc/kamailio/snakeoil.pem");<br>
            if ( $var(rc) ) {<br>
                xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication
            added (SIP Identity Header created)\n");<br>
            } else {<br>
                xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n");<br>
            }</font><br>
        </div>
        <div><br>
        </div>
        <div>But no matter what i do it silently fails:</div>
        <div><br>
        </div>
        <div><font face="monospace">INVITE
            d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>:
            [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed</font><br>
        </div>
        <div><br>
        </div>
        <div>I have debug on 6, but i don't get more info regarding the
          error.</div>
        <div><br>
        </div>
        <div>Any ideas?</div>
      </div>
    </blockquote>
    <p>based on the specs, it should not be the usual ssl/tls
      certificate, try to generate them using the guidelines at:</p>
    <p>  * <a class="moz-txt-link-freetext" href="https://github.com/asipto/secsipidx#keys-generation">https://github.com/asipto/secsipidx#keys-generation</a></p>
    <p>Cheers,<br>
      Daniel<br>
    </p>
    <pre class="moz-signature" cols="72">-- 
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
  * <a class="moz-txt-link-freetext" href="https://www.asipto.com/sw/kamailio-advanced-training-online/">https://www.asipto.com/sw/kamailio-advanced-training-online/</a></pre>
  </body>
</html>