[SR-Users] STIR/SHAKEN public key

David Villasmil david.villasmil.work at gmail.com
Fri Nov 5 12:13:13 CET 2021


Fantastic, thank you Oleg!
Seems to be working!

On Fri, 5 Nov 2021 at 09:15, Oleg Belousov <obelousov at gmail.com> wrote:

> Hi, David.
> Our CA provided us a single file which consists of those 3 certs, in the
> order you mentioned, so yes - you need to publish a single file in that order:
> your cert, CA cert, root cert.
> --
> obelousov.tel
>
>
> On Thu, Nov 4, 2021 at 9:57 PM David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Hello guys,
>>
>> So the PA sent us 3 files:
>>
>> 1- our cert
>> 2- the intermediate cert
>> 3- the root cert
>>
>> Should I copy those into a single file in that order and then publish
>> that as the cert.pem in
>>
>> *secsipid_add_identity("$fU", "$rU", "A", "",
>> "https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");*
>>
>>
>> ??
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> phone: +34669448337
>>
>>
>> On Thu, Nov 4, 2021 at 6:55 PM David Villasmil <
>> david.villasmil.work at gmail.com> wrote:
>>
>>> Yep, that much was clear from the outset.
>>> The wording in the docs confused me, because it reads "public key". But
>>> now I see it's the cert and the client will get the pk from the cert.
>>> Thanks for taking the time to explain!
>>>
>>> Regards,
>>>
>>> David Villasmil
>>> email: david.villasmil.work at gmail.com
>>> phone: +34669448337
>>>
>>>
>>> On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <bkaufman at nexvortex.com>
>>> wrote:
>>>
>>>> Not sure if it was clarified or not, but it should be an https URL from
>>>> where your certificate can be downloaded, not the actual certificate itself.
>>>>
>>>>
>>>>
>>>> *Ben Kaufman*
>>>>
>>>>
>>>>
>>>> *From:* sr-users <sr-users-bounces at lists.kamailio.org> * On Behalf Of *David
>>>> Villasmil
>>>> *Sent:* Thursday, November 4, 2021 12:00 PM
>>>> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
>>>> *Subject:* Re: [SR-Users] STIR/SHAKEN public key
>>>>
>>>>
>>>>
>>>> Thanks Oleg, I misunderstood all that.
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>> David Villasmil
>>>>
>>>> email: david.villasmil.work at gmail.com
>>>>
>>>> phone: +34669448337
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <obelousov at gmail.com>
>>>> wrote:
>>>>
>>>> Hi.
>>>>
>>>> It should be a certificate issued by a CA certified by the SHAKEN Policy
>>>> Administrator (iconectiv in the US).
>>>>
>>>> --
>>>> obelousov.tel
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Nov 4, 2021 at 5:39 PM David Villasmil <
>>>> david.villasmil.work at gmail.com> wrote:
>>>>
>>>> Hello guys,
>>>>
>>>> I'm testing with 2 providers right now, and one of them is asking me to
>>>> include my whole certificate on the
>>>>
>>>> *secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)*
>>>>
>>>> like:
>>>>
>>>> *secsipid_add_identity("$fU", "$rU", "A", "",
>>>> "https://kamailio.org/stir/$rd/cert.pem", "/secsipid/$rd/key.pem");*
>>>>
>>>> but it is stated that:
>>>>
>>>> *x5u is the HTTP URL referencing to the public key that should be used
>>>> to verify the signature;*
>>>>
>>>> One provider is asking to put the cert there, the other hasn't asked
>>>> that yet.
>>>>
>>>> So I'm a little confused, should the x5u be the actual cert (with its
>>>> intermediary?) or only the public key?
>>>>
>>>> Regards,
>>>>
>>>> David Villasmil
>>>>
>>>> email: david.villasmil.work at gmail.com
>>>>
>>>> phone: +34669448337
>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>   * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- 
Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337
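
Added example, not part of the thread: a Go check that a PEM file meant for the x5u URL is in the order given above (your cert, CA cert, root cert). It requires the first block to be a non-CA certificate and each certificate to be signed by the one after it. `CheckBundleOrder` and `SampleChain` are hypothetical names, and the three certificates are a constructed test chain with empty subjects.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckBundleOrder: block 0 must be the signing cert, every cert signed by the next one.
func CheckBundleOrder(bundle string) error {
	var der []byte
	for b, rest := pem.Decode([]byte(bundle)); b != nil; b, rest = pem.Decode(rest) {
		der = append(der, b.Bytes...) // collect the DER of every PEM block, in file order
	}
	certs, err := x509.ParseCertificates(der)
	if err != nil || len(certs) == 0 || certs[0].IsCA {
		return fmt.Errorf("need PEM certificates starting with the signing cert (parse error: %v)", err)
	}
	for i := 1; i < len(certs); i++ {
		if certs[i-1].CheckSignatureFrom(certs[i]) != nil {
			return fmt.Errorf("cert %d is not signed by cert %d", i-1, i)
		}
	}
	return nil
}

// SampleChain issues a constructed chain and returns PEM blocks [signing cert, CA, root].
func SampleChain() (pems [3]string) {
	var parent, pk = (*x509.Certificate)(nil), (*ecdsa.PrivateKey)(nil) // issuer of the next cert
	for i := 2; i >= 0; i-- { // root first, signing cert last
		key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: i > 0, BasicConstraintsValid: true}
		if parent == nil {
			parent, pk = t, key // the root signs itself
		}
		der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
		parent, _ = x509.ParseCertificate(der)
		pems[i], pk = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), key
	}
	return
}

func main() {
	p := SampleChain()
	fmt.Println("cert, CA, root:", CheckBundleOrder(p[0]+p[1]+p[2]), "| cert, root, CA:", CheckBundleOrder(p[0]+p[2]+p[1]))
}
```

The check covers ordering only; it does not validate the chain against the STI-PA trust list, expiry or revocation.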