Not sure if it was clarified or not, but it should be an https URL from where your certificate can be downloaded, not the actual certificate itself.
Ben Kaufman
From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of David Villasmil Sent: Thursday, November 4, 2021 12:00 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: Re: [SR-Users] STIR/SHAKEN public key
Thanks Oleg, i misunderstood all that. Regards,
David Villasmil email: david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com phone: +34669448337
On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <obelousov@gmail.commailto:obelousov@gmail.com> wrote: Hi. It should be certificate issued by CA certified by the Shaken Policy Administrator (iConnective in US).. -- obelousov.telhttps://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fobelousov.tel%2F&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tGrsS8EC2s%2BbcpseVdLDm0Z7NHSeIrklPzzAJC3TskE%3D&reserved=0
On Thu, Nov 4, 2021 at 5:39 PM David Villasmil <david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com> wrote: Hello guys,
I'm testing with 2 providers right now, and one of them is asking me to include my whole certificate on the
secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)
like:
secsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pemhttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkamailio.org%2Fstir%2F%24rd%2Fcert.pem&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9hcmnq0bD4n89HczPIHjyb54ZDdi8RBfwP%2FqyjoQuas%3D&reserved=0", "/secsipid/$rd/key.pem");
but it is stated that:
x5u is the HTTP URL referencing to the public key that should be used to verify the signature;
One provider is asking to put the cert there, the other hasn't asked that yet.
So i'm a little confused, should the x5u be the actual cert (with its intermediary?) or only the public key?
Regards,
David Villasmil email: david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com phone: +34669448337 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-usershttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732882586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uRjM0WyJo9gGwBRdIWdceKbmlet40rpx1ack%2BYuglz4%3D&reserved=0 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-usershttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732892544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o4mIwPXxb6Vp%2BTbDXcV7DBkC1TCIq%2BjaTPk6T1ZYvck%3D&reserved=0