Hello,

On 27.05.21 19:58, David Villasmil wrote:

Hello guys,

I want to test secsipid, but i don't yet have the certificate. So i thought i'd create a cert like:

openssl req -new -newkey rsa:4096 -nodes -keyout snakeoil.key -out snakeoil.csr
openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey snakeoil.key -out snakeoil.pem

Then i'm simply doing:

$var(rc) = secsipid_add_identity("$fU", "$rU", "A", "", "https://somedomain.com/stir/$rd/cert.pem", "/etc/kamailio/snakeoil.pem");
if ( $var(rc) ) {
    xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication added (SIP Identity Header created)\n");
} else {
    xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n");
}

But no matter what i do it silently fails:

INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>: [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed

I have debug on 6, but i don't get more info regarding the error.

Any ideas?

based on the specs, it should not be the usual ssl/tls certificate, try to generate them using the guidelines at:

  * https://github.com/asipto/secsipidx#keys-generation

Cheers,
Daniel

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone)
  * https://www.asipto.com/sw/kamailio-advanced-training-online/