Hello guys,

So the PA sent us 3 files:

1- out cert
2- the intermediate cert
3- the root cert

Should i copy those into a single file in that order and then publish that as the cert.pem in 

secsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");


??
Regards,

David Villasmil
phone: +34669448337


On Thu, Nov 4, 2021 at 6:55 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
Yep, that much was clear from the outset.
The wording on the docs confused me, because it reads "public key". BUt now i see it's the cert and the client will get the pk from the cert.
Thanks for taking the time to explain!

Regards,

David Villasmil
phone: +34669448337


On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <bkaufman@nexvortex.com> wrote:

Not sure if it was clarified or not, but it should be an https URL from where your certificate can be downloaded, not the actual certificate itself.

 

Ben Kaufman

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of David Villasmil
Sent: Thursday, November 4, 2021 12:00 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] STIR/SHAKEN public key

 

Thanks Oleg, i misunderstood all that.

Regards,

 

David Villasmil

phone: +34669448337

 

 

On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <obelousov@gmail.com> wrote:

Hi.

It should be certificate issued by CA certified by the Shaken Policy Administrator (iConnective in US)..

 

 

On Thu, Nov 4, 2021 at 5:39 PM David Villasmil <david.villasmil.work@gmail.com> wrote:

Hello guys,

I'm testing with 2 providers right now, and one of them is asking me to include my whole certificate on the

secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)

like:

secsipid_add_identity("$fU", "$rU", "A", "", "https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");

but it is stated that:

x5u is the HTTP URL referencing to the public key that should be used to verify the signature;

One provider is asking to put the cert there, the other hasn't asked that yet.

So i'm  a little confused, should the x5u be the actual cert (with its intermediary?) or only the public key?

Regards,

David Villasmil

phone: +34669448337

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users