Same logs like with before with previous certificate? Can you attach log messages with debug=3?
Cheers, Daniel On 27.05.21 20:13, David Villasmil wrote: > Yep i just tried that :) > > I don't get an error on the CLI: > > # secsipidx -sign-full -orig-tn 493044448888 -dest-tn 493055559999 > -attest A -x5u http://asipto.lab/stir/cert.pem > <http://asipto.lab/stir/cert.pem> -k ec256-private.pem > eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL2FzaXB0by5sYWIvc3Rpci9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI0OTMwNTU1NTk5OTkiXX0sImlhdCI6MTYyMjEzOTE1Nywib3JpZyI6eyJ0biI6IjQ5MzA0NDQ0ODg4OCJ9LCJvcmlnaWQiOiIxOWE5OWY2ZS1mZWE5LTQyYmEtYmU2ZC1lNDZkNjZkMGIzNjcifQ.64Z_uNPA5frA20nqurHxOD8qLtuvcGeMxmx0ZhBmSWFoeEU53nHSmEWOsAJC5eiJLuIWfVI9HFhJIKyK6PMrcA;info=<http://asipto.lab/stir/cert.pem > <http://asipto.lab/stir/cert.pem>>;alg=ES256;ppt=shaken > > But still failing in kamailio... > > Regards, > > David Villasmil > email: [email protected] > <mailto:[email protected]> > phone: +34669448337 > > > On Thu, May 27, 2021 at 7:09 PM Daniel-Constantin Mierla > <[email protected] <mailto:[email protected]>> wrote: > > Hello, > > On 27.05.21 19:58, David Villasmil wrote: >> Hello guys, >> >> I want to test secsipid, but i don't yet have the certificate. So >> i thought i'd create a cert like: >> >> openssl req -new -newkey rsa:4096 -nodes -keyout snakeoil.key >> -out snakeoil.csr >> openssl x509 -req -sha256 -days 365 -in snakeoil.csr -signkey >> snakeoil.key -out snakeoil.pem >> >> Then i'm simply doing: >> >> $var(rc) = secsipid_add_identity("$fU", "$rU", "A", "", >> "https://somedomain.com/stir/$rd/cert.pem >> <https://kamailio.org/stir/$rd/cert.pem>", >> "/etc/kamailio/snakeoil.pem"); >> if ( $var(rc) ) { >> xlog("L_ERR", "[STIR/SHAKEN][$ci] Shaken authentication added >> (SIP Identity Header created)\n"); >> } else { >> xlog("L_ERR", "[STIR/SHAKEN][$ci] Failed\n"); >> } >> >> But no matter what i do it silently fails: >> >> INVITE d54c2919-39b6-123a-95a7-0e29a5289b8d} <script>: >> [STIR/SHAKEN][d54c2919-39b6-123a-95a7-0e29a5289b8d] Failed >> >> I have debug on 6, but i don't get more info regarding the error. >> >> Any ideas? > > based on the specs, it should not be the usual ssl/tls > certificate, try to generate them using the guidelines at: > > * https://github.com/asipto/secsipidx#keys-generation > <https://github.com/asipto/secsipidx#keys-generation> > > Cheers, > Daniel > > -- > Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com> > www.twitter.com/miconda <http://www.twitter.com/miconda> -- > www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> > Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) > * https://www.asipto.com/sw/kamailio-advanced-training-online/ > <https://www.asipto.com/sw/kamailio-advanced-training-online/> > -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online - June 7-10, 2021 (America Timezone) * https://www.asipto.com/sw/kamailio-advanced-training-online/
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
