[SR-Users] STIR/SHAKEN public key

Oleg Belousov obelousov at gmail.com
Fri Nov 5 10:10:11 CET 2021 

Hi, David.
Our CA provided us a single file which consists of such 3 certs, in order
you mentioned, so yes - you need to publish a single file in that order:
your cert, CA cert, root cert.
--
obelousov.tel


On Thu, Nov 4, 2021 at 9:57 PM David Villasmil <
david.villasmil.work at gmail.com> wrote:

> Hello guys,
>
> So the PA sent us 3 files:
>
> 1- out cert
> 2- the intermediate cert
> 3- the root cert
>
> Should i copy those into a single file in that order and then publish that
> as the cert.pem in
>
> *secsipid_add_identity("$fU", "$rU", "A", "",
> "https://kamailio.org/stir/$rd/cert.pem
> <https://kamailio.org/stir/$rd/cert.pem>", "/secsipid/$rd/key.pem");*
>
>
> ??
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
>
> On Thu, Nov 4, 2021 at 6:55 PM David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Yep, that much was clear from the outset.
>> The wording on the docs confused me, because it reads "public key". BUt
>> now i see it's the cert and the client will get the pk from the cert.
>> Thanks for taking the time to explain!
>>
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> phone: +34669448337
>>
>>
>> On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <bkaufman at nexvortex.com>
>> wrote:
>>
>>> Not sure if it was clarified or not, but it should be an https URL from
>>> where your certificate can be downloaded, not the actual certificate itself.
>>>
>>>
>>>
>>> *Ben Kaufman*
>>>
>>>
>>>
>>> *From:* sr-users <sr-users-bounces at lists.kamailio.org> * On Behalf Of *David
>>> Villasmil
>>> *Sent:* Thursday, November 4, 2021 12:00 PM
>>> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
>>> *Subject:* Re: [SR-Users] STIR/SHAKEN public key
>>>
>>>
>>>
>>> Thanks Oleg, i misunderstood all that.
>>>
>>> Regards,
>>>
>>>
>>>
>>> David Villasmil
>>>
>>> email: david.villasmil.work at gmail.com
>>>
>>> phone: +34669448337
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <obelousov at gmail.com>
>>> wrote:
>>>
>>> Hi.
>>>
>>> It should be certificate issued by CA certified by the Shaken Policy
>>> Administrator (iConnective in US)..
>>>
>>> --
>>> obelousov.tel
>>> <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fobelousov.tel%2F&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tGrsS8EC2s%2BbcpseVdLDm0Z7NHSeIrklPzzAJC3TskE%3D&reserved=0>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Nov 4, 2021 at 5:39 PM David Villasmil <
>>> david.villasmil.work at gmail.com> wrote:
>>>
>>> Hello guys,
>>>
>>> I'm testing with 2 providers right now, and one of them is asking me to
>>> include my whole certificate on the
>>>
>>> *secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)*
>>>
>>> like:
>>>
>>> *secsipid_add_identity("$fU", "$rU", "A", "",
>>> "https://kamailio.org/stir/$rd/cert.pem
>>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkamailio.org%2Fstir%2F%24rd%2Fcert.pem&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9hcmnq0bD4n89HczPIHjyb54ZDdi8RBfwP%2FqyjoQuas%3D&reserved=0>",
>>> "/secsipid/$rd/key.pem");*
>>>
>>> but it is stated that:
>>>
>>> *x5u is the HTTP URL referencing to the public key that should be used
>>> to verify the signature;*
>>>
>>> One provider is asking to put the cert there, the other hasn't asked
>>> that yet.
>>>
>>> So i'm  a little confused, should the x5u be the actual cert (with its
>>> intermediary?) or only the public key?
>>>
>>> Regards,
>>>
>>> David Villasmil
>>>
>>> email: david.villasmil.work at gmail.com
>>>
>>> phone: +34669448337
>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732882586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uRjM0WyJo9gGwBRdIWdceKbmlet40rpx1ack%2BYuglz4%3D&reserved=0>
>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732892544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o4mIwPXxb6Vp%2BTbDXcV7DBkC1TCIq%2BjaTPk6T1ZYvck%3D&reserved=0>
>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20211105/88d09b6e/attachment.htm>

More information about the sr-users mailing list