Re: [SR-Users] STIR/SHAKEN public key

Fantastic, thank you Oleg! Seems to be working!

On Fri, 5 Nov 2021 at 09:15, Oleg Belousov obelousov@gmail.com wrote:

Hi, David. Our CA provided us a single file which consists of such 3 certs, in order you mentioned, so yes - you need to publish a single file in that order: your cert, CA cert, root cert. -- obelousov.tel

On Thu, Nov 4, 2021 at 9:57 PM David Villasmil < david.villasmil.work@gmail.com> wrote:

...

Hello guys,

So the PA sent us 3 files:

1- out cert 2- the intermediate cert 3- the root cert

Should i copy those into a single file in that order and then publish that as the cert.pem in

*secsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pem https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");*

?? Regards,

David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337

On Thu, Nov 4, 2021 at 6:55 PM David Villasmil < david.villasmil.work@gmail.com> wrote:

...

Yep, that much was clear from the outset. The wording on the docs confused me, because it reads "public key". BUt now i see it's the cert and the client will get the pk from the cert. Thanks for taking the time to explain!

Regards,

David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337

On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman bkaufman@nexvortex.com wrote:

...

Not sure if it was clarified or not, but it should be an https URL from where your certificate can be downloaded, not the actual certificate itself.

*Ben Kaufman*

*From:* sr-users sr-users-bounces@lists.kamailio.org * On Behalf Of *David Villasmil *Sent:* Thursday, November 4, 2021 12:00 PM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Subject:* Re: [SR-Users] STIR/SHAKEN public key

Thanks Oleg, i misunderstood all that.

Regards,

David Villasmil

email: david.villasmil.work@gmail.com

phone: +34669448337

On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov obelousov@gmail.com wrote:

Hi.

It should be certificate issued by CA certified by the Shaken Policy Administrator (iConnective in US)..

-- obelousov.tel https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fobelousov.tel%2F&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tGrsS8EC2s%2BbcpseVdLDm0Z7NHSeIrklPzzAJC3TskE%3D&reserved=0

On Thu, Nov 4, 2021 at 5:39 PM David Villasmil < david.villasmil.work@gmail.com> wrote:

Hello guys,

I'm testing with 2 providers right now, and one of them is asking me to include my whole certificate on the

*secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)*

like:

*secsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pem https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkamailio.org%2Fstir%2F%24rd%2Fcert.pem&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9hcmnq0bD4n89HczPIHjyb54ZDdi8RBfwP%2FqyjoQuas%3D&reserved=0", "/secsipid/$rd/key.pem");*

but it is stated that:

*x5u is the HTTP URL referencing to the public key that should be used to verify the signature;*

One provider is asking to put the cert there, the other hasn't asked that yet.

So i'm a little confused, should the x5u be the actual cert (with its intermediary?) or only the public key?

Regards,

David Villasmil

email: david.villasmil.work@gmail.com

phone: +34669448337

---

Kamailio - Users Mailing List - Non Commercial Discussions

• sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

• https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732882586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uRjM0WyJo9gGwBRdIWdceKbmlet40rpx1ack%2BYuglz4%3D&reserved=0

---

Kamailio - Users Mailing List - Non Commercial Discussions

• sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

• https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732892544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o4mIwPXxb6Vp%2BTbDXcV7DBkC1TCIq%2BjaTPk6T1ZYvck%3D&reserved=0

---

Kamailio - Users Mailing List - Non Commercial Discussions

• sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

• https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

---

Kamailio - Users Mailing List - Non Commercial Discussions

• sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

• https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

---

Kamailio - Users Mailing List - Non Commercial Discussions

• sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

• https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users