Hi, David.Our CA provided us a single file which consists of such 3 certs, in order you mentioned, so yes - you need to publish a single file in that order: your cert, CA cert, root cert.__________________________________________________________On Thu, Nov 4, 2021 at 9:57 PM David Villasmil <david.villasmil.work@gmail.com> wrote:Hello guys,So the PA sent us 3 files:1- out cert2- the intermediate cert3- the root certShould i copy those into a single file in that order and then publish that as the cert.pem insecsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");__________________________________________________________On Thu, Nov 4, 2021 at 6:55 PM David Villasmil <david.villasmil.work@gmail.com> wrote:Yep, that much was clear from the outset.The wording on the docs confused me, because it reads "public key". BUt now i see it's the cert and the client will get the pk from the cert.Thanks for taking the time to explain!On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <bkaufman@nexvortex.com> wrote:__________________________________________________________Not sure if it was clarified or not, but it should be an https URL from where your certificate can be downloaded, not the actual certificate itself.
Ben Kaufman
From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of David Villasmil
Sent: Thursday, November 4, 2021 12:00 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] STIR/SHAKEN public key
Thanks Oleg, i misunderstood all that.
On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <obelousov@gmail.com> wrote:
Hi.
It should be certificate issued by CA certified by the Shaken Policy Administrator (iConnective in US)..
On Thu, Nov 4, 2021 at 5:39 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
Hello guys,
I'm testing with 2 providers right now, and one of them is asking me to include my whole certificate on the
secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)
like:
secsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");
but it is stated that:
x5u is the HTTP URL referencing to the public key that should be used to verify the signature;
One provider is asking to put the cert there, the other hasn't asked that yet.
So i'm a little confused, should the x5u be the actual cert (with its intermediary?) or only the public key?
Regards,
David Villasmilphone: +34669448337
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users