<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Same logs like with before with previous certificate? Can you
attach log messages with debug=3?<br>
</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 27.05.21 20:13, David Villasmil
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFGRPVpPbzboWDd8Zo1q61RMLBTWkT67XJrfxEpGF6r0eS063w@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Yep i just tried that :)
<div><br>
</div>
<div>I don't get an error on the CLI:</div>
<div><br>
</div>
<div><font face="monospace"># secsipidx -sign-full -orig-tn
493044448888 -dest-tn 493055559999 -attest A -x5u <a
href="http://asipto.lab/stir/cert.pem"
moz-do-not-send="true">http://asipto.lab/stir/cert.pem</a>
-k ec256-private.pem<br>
eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=<<a
href="http://asipto.lab/stir/cert.pem"
moz-do-not-send="true">http://asipto.lab/stir/cert.pem</a>>;alg=ES256;ppt=shaken</font><br>
</div>
<div><br>
</div>
<div>But still failing in kamailio...</div>
<div><br clear="all">
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>Regards,</div>
<div><br>
</div>
David Villasmil
<div>email: <a
href="mailto:david.villasmil.work@gmail.com"
target="_blank" moz-do-not-send="true">david.villasmil.work@gmail.com</a></div>
<div>phone: +34669448337</div>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, May 27, 2021 at 7:09
PM Daniel-Constantin Mierla <<a
href="mailto:miconda@gmail.com" moz-do-not-send="true">miconda@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello,</p>
<div>On 27.05.21 19:58, David Villasmil wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hello guys,<br>
</div>
<div><br>
</div>
<div>I want to test secsipid, but i don't yet have the
certificate. So i thought i'd create a cert like:</div>
<div><br>
</div>
<div>openssl req -new -newkey rsa:4096 -nodes -keyout
snakeoil.key -out snakeoil.csr<br>
openssl x509 -req -sha256 -days 365 -in snakeoil.csr
-signkey snakeoil.key -out snakeoil.pem<br>
</div>
<div><br>
</div>
<div>Then i'm simply doing:</div>
<div><br>
</div>
<div><font face="monospace">$var(rc) =
secsipid_add_identity("$fU", "$rU", "A", "", "<a
href="https://kamailio.org/stir/$rd/cert.pem"
target="_blank" moz-do-not-send="true">https://somedomain.com/stir/$rd/cert.pem</a>",
"/etc/kamailio/snakeoil.pem");<br>
if ( $var(rc) ) {<br>
xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken
authentication added (SIP Identity Header
created)\n");<br>
} else {<br>
xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n");<br>
}</font><br>
</div>
<div><br>
</div>
<div>But no matter what i do it silently fails:</div>
<div><br>
</div>
<div><font face="monospace">INVITE
d54c2919-39b6-123a-95a7-0e29a5289b8d}
<script>:
[STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d]
Failed</font><br>
</div>
<div><br>
</div>
<div>I have debug on 6, but i don't get more info
regarding the error.</div>
<div><br>
</div>
<div>Any ideas?</div>
</div>
</blockquote>
<p>based on the specs, it should not be the usual ssl/tls
certificate, try to generate them using the guidelines at:</p>
<p> * <a
href="https://github.com/asipto/secsipidx#keys-generation"
target="_blank" moz-do-not-send="true">https://github.com/asipto/secsipidx#keys-generation</a></p>
<p>Cheers,<br>
Daniel<br>
</p>
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" target="_blank" moz-do-not-send="true">www.asipto.com</a>
<a href="http://www.twitter.com/miconda" target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
* <a href="https://www.asipto.com/sw/kamailio-advanced-training-online/" target="_blank" moz-do-not-send="true">https://www.asipto.com/sw/kamailio-advanced-training-online/</a></pre>
</div>
</blockquote>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
* <a class="moz-txt-link-freetext" href="https://www.asipto.com/sw/kamailio-advanced-training-online/">https://www.asipto.com/sw/kamailio-advanced-training-online/</a></pre>
</body>
</html>