<div dir="ltr">Hi, David.<div>Our CA provided us a single file which consists of such 3 certs, in order you mentioned, so yes - you need to publish a single file in that order: your cert, CA cert, root cert.<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">--<br><a href="http://obelousov.tel" target="_blank">obelousov.tel</a></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 4, 2021 at 9:57 PM David Villasmil <<a href="mailto:david.villasmil.work@gmail.com">david.villasmil.work@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello guys,<div><br></div><div>So the PA sent us 3 files:</div><div><br></div><div>1- out cert</div><div>2- the intermediate cert</div><div>3- the root cert</div><div><br></div><div>Should i copy those into a single file in that order and then publish that as the cert.pem in </div><div><br></div><div><b style="font-family:monospace">secsipid_add_identity("$fU", "$rU", "A", "", "<a href="https://kamailio.org/stir/$rd/cert.pem" target="_blank">https://kamailio.org/stir/$rd/cert.pem</a>", "/secsipid/$rd/key.pem");</b><br></div><div><br></div><div><br></div><div>??<br clear="all"><div><div dir="ltr"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 4, 2021 at 6:55 PM David Villasmil <<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Yep, that much was clear from the outset.<div>The wording on the docs confused me, because it reads "public key". BUt now i see it's the cert and the client will get the pk from the cert.</div><div>Thanks for taking the time to explain!</div><div><br clear="all"><div><div dir="ltr"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <<a href="mailto:bkaufman@nexvortex.com" target="_blank">bkaufman@nexvortex.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<div lang="EN-US">
<div>
<p class="MsoNormal">Not sure if it was clarified or not, but it should be an https URL from where your certificate can be downloaded, not the actual certificate itself.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0in">
<p class="MsoNormal"><b><span style="font-size:12pt;color:black">Ben Kaufman</span></b><span style="font-size:12pt;color:black"><u></u><u></u></span></p>
</td>
</tr>
<tr style="height:12pt">
<td style="padding:0in;height:12pt"></td>
</tr>
<tr style="height:6pt">
<td style="padding:0in;height:6pt"></td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in">
<p class="MsoNormal"><b>From:</b> sr-users <<a href="mailto:sr-users-bounces@lists.kamailio.org" target="_blank">sr-users-bounces@lists.kamailio.org</a>> <b>
On Behalf Of </b>David Villasmil<br>
<b>Sent:</b> Thursday, November 4, 2021 12:00 PM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
<b>Subject:</b> Re: [SR-Users] STIR/SHAKEN public key<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Thanks Oleg, i misunderstood all that.<br clear="all">
<u></u><u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">David Villasmil<u></u><u></u></p>
<div>
<p class="MsoNormal">email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">
david.villasmil.work@gmail.com</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">phone: +34669448337<u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <<a href="mailto:obelousov@gmail.com" target="_blank">obelousov@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Hi.<u></u><u></u></p>
<div>
<p class="MsoNormal">It should be certificate issued by CA certified by the Shaken Policy Administrator (iConnective in US)..<br clear="all">
<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">--<br>
<a href="https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fobelousov.tel%2F&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tGrsS8EC2s%2BbcpseVdLDm0Z7NHSeIrklPzzAJC3TskE%3D&reserved=0" target="_blank">obelousov.tel</a><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Nov 4, 2021 at 5:39 PM David Villasmil <<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal"><span style="font-family:Arial,sans-serif">H</span>ello guys,<br>
<br>
I'm testing with 2 providers right now, and one of them is asking me to include my whole certificate on the
<br>
<br>
<b><span style="font-family:"Courier New"">secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)</span></b><br>
<br>
like:<br>
<br>
<b><span style="font-family:"Courier New"">secsipid_add_identity("$fU", "$rU", "A", "", "<a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkamailio.org%2Fstir%2F%24rd%2Fcert.pem&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9hcmnq0bD4n89HczPIHjyb54ZDdi8RBfwP%2FqyjoQuas%3D&reserved=0" target="_blank">https://kamailio.org/stir/$rd/cert.pem</a>",
 "/secsipid/$rd/key.pem");</span></b><br>
<br>
but it is stated that:<br>
<br>
<b><span style="font-family:"Courier New"">x5u is the HTTP URL referencing to the public key that should be used to verify the signature;</span></b><br>
<br>
One provider is asking to put the cert there, the other hasn't asked that yet.<br>
<br>
So i'm  a little confused, should the x5u be the actual cert (with its intermediary?) or only the public key?<br>
<br>
Regards,<br>
<br>
David Villasmil<u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">
david.villasmil.work@gmail.com</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">phone: +34669448337<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal">__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
  * <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
  * <a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732882586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uRjM0WyJo9gGwBRdIWdceKbmlet40rpx1ack%2BYuglz4%3D&reserved=0" target="_blank">
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal">__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
  * <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
  * <a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732892544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o4mIwPXxb6Vp%2BTbDXcV7DBkC1TCIq%2BjaTPk6T1ZYvck%3D&reserved=0" target="_blank">
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><u></u><u></u></p>
</blockquote>
</div>
</div>
</div>

__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
  * <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
  * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
</blockquote></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
  * <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
  * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>