Fantastic, thank you Oleg! Seems to be working! On Fri, 5 Nov 2021 at 09:15, Oleg Belousov <[email protected]> wrote:
> Hi, David. > Our CA provided us a single file which consists of such 3 certs, in order > you mentioned, so yes - you need to publish a single file in that order: > your cert, CA cert, root cert. > -- > obelousov.tel > > > On Thu, Nov 4, 2021 at 9:57 PM David Villasmil < > [email protected]> wrote: > >> Hello guys, >> >> So the PA sent us 3 files: >> >> 1- out cert >> 2- the intermediate cert >> 3- the root cert >> >> Should i copy those into a single file in that order and then publish >> that as the cert.pem in >> >> *secsipid_add_identity("$fU", "$rU", "A", "", >> "https://kamailio.org/stir/$rd/cert.pem >> <https://kamailio.org/stir/$rd/cert.pem>", "/secsipid/$rd/key.pem");* >> >> >> ?? >> Regards, >> >> David Villasmil >> email: [email protected] >> phone: +34669448337 >> >> >> On Thu, Nov 4, 2021 at 6:55 PM David Villasmil < >> [email protected]> wrote: >> >>> Yep, that much was clear from the outset. >>> The wording on the docs confused me, because it reads "public key". BUt >>> now i see it's the cert and the client will get the pk from the cert. >>> Thanks for taking the time to explain! >>> >>> Regards, >>> >>> David Villasmil >>> email: [email protected] >>> phone: +34669448337 >>> >>> >>> On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <[email protected]> >>> wrote: >>> >>>> Not sure if it was clarified or not, but it should be an https URL from >>>> where your certificate can be downloaded, not the actual certificate >>>> itself. >>>> >>>> >>>> >>>> *Ben Kaufman* >>>> >>>> >>>> >>>> *From:* sr-users <[email protected]> * On Behalf Of >>>> *David >>>> Villasmil >>>> *Sent:* Thursday, November 4, 2021 12:00 PM >>>> *To:* Kamailio (SER) - Users Mailing List <[email protected]> >>>> *Subject:* Re: [SR-Users] STIR/SHAKEN public key >>>> >>>> >>>> >>>> Thanks Oleg, i misunderstood all that. >>>> >>>> Regards, >>>> >>>> >>>> >>>> David Villasmil >>>> >>>> email: [email protected] >>>> >>>> phone: +34669448337 >>>> >>>> >>>> >>>> >>>> >>>> On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <[email protected]> >>>> wrote: >>>> >>>> Hi. >>>> >>>> It should be certificate issued by CA certified by the Shaken Policy >>>> Administrator (iConnective in US).. >>>> >>>> -- >>>> obelousov.tel >>>> <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fobelousov.tel%2F&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tGrsS8EC2s%2BbcpseVdLDm0Z7NHSeIrklPzzAJC3TskE%3D&reserved=0> >>>> >>>> >>>> >>>> >>>> >>>> On Thu, Nov 4, 2021 at 5:39 PM David Villasmil < >>>> [email protected]> wrote: >>>> >>>> Hello guys, >>>> >>>> I'm testing with 2 providers right now, and one of them is asking me to >>>> include my whole certificate on the >>>> >>>> *secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)* >>>> >>>> like: >>>> >>>> *secsipid_add_identity("$fU", "$rU", "A", "", >>>> "https://kamailio.org/stir/$rd/cert.pem >>>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkamailio.org%2Fstir%2F%24rd%2Fcert.pem&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9hcmnq0bD4n89HczPIHjyb54ZDdi8RBfwP%2FqyjoQuas%3D&reserved=0>", >>>> "/secsipid/$rd/key.pem");* >>>> >>>> but it is stated that: >>>> >>>> *x5u is the HTTP URL referencing to the public key that should be used >>>> to verify the signature;* >>>> >>>> One provider is asking to put the cert there, the other hasn't asked >>>> that yet. >>>> >>>> So i'm a little confused, should the x5u be the actual cert (with its >>>> intermediary?) or only the public key? >>>> >>>> Regards, >>>> >>>> David Villasmil >>>> >>>> email: [email protected] >>>> >>>> phone: +34669448337 >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> * [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732882586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uRjM0WyJo9gGwBRdIWdceKbmlet40rpx1ack%2BYuglz4%3D&reserved=0> >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> * [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732892544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o4mIwPXxb6Vp%2BTbDXcV7DBkC1TCIq%2BjaTPk6T1ZYvck%3D&reserved=0> >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> * [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * [email protected] >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > -- Regards, David Villasmil email: [email protected] phone: +34669448337
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
