Thanks a lot Wadii for your answer.

I already use sqlcacher for all public keys, but for my private key, I want to store it securely (maybe encrypt it, if I use a DB).

For your needs, you fetch your private key with rest_client.so, right?

In France we get all keys thanks to the French state's central API, and this API is protected by OAuth2 authentication, so I think I will use an external dev.

++

On Mon, 29 May 2023 at 17:01, Wadii ELMAJDI | Evenmedia <wa...@evenmedia.fr> wrote:

> Hello Mickael
>
> If the goal is only to keep your key out of opensips plain sight, the
> simplest way is using exec.so module, load the private key from a local
> file or an external data source with an external command, and then store it
> securely in the local cache for future calls stirshaken signing.
>
> You could also use the rest_client.so module and get your key/certificate
> from a secure external webservice (my personal fav).
>
> Another option is avpops module to get your private key from a sql
> database on demand (or sqlcacher to fully cache your table on script startup).
>
> In case you're considering using the avpops module with its default table,
> the value column can by default only hold 128 characters. For an RSA
> private key in PEM format, it can go up to 800 chars.
>
> Hope this helps
>
> *From:* Users <users-boun...@lists.opensips.org> *On behalf of* Mickael Hubert
> *Sent:* Monday 29 May 2023 14:55
> *To:* OpenSIPS users mailling list <users@lists.opensips.org>
> *Subject:* Re: [OpenSIPS-Users] Stir Shaken: Failed to load certificate
>
> Hi,
>
> Can you tell me what is the best way to load our private key please?
>
> It would be great not to have it as clear text in opensips's configuration.
>
> Thanks in advance
>
> On Mon, 21 Nov 2022 at 13:39, ryan embgrets <rembgr...@gmail.com> wrote:
>
> That was it.
>
> Working flawlessly. Thanks Vlad Patrascu
>
> Ryan
>
> On Mon, 21 Nov 2022 at 17:24, Vlad Patrascu <vl...@opensips.org> wrote:
>
> Hi Ryan,
>
> You have to provide to the stir_shaken_auth() function the actual
> content of the certificate file and not just the path. The same goes for
> the private key.
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developer
> http://www.opensips-solutions.com
>
> On 21.11.2022 14:02, ryan embgrets wrote:
> > Greetings
> >
> > I am trying to generate an Identity header by using the stir_shaken
> > module of the opensips.
> >
> > But I am encountering the below error each time upon call.
> >
> > Nov 21 11:15:20 local /usr/sbin/opensips[5051]: ERROR:stir_shaken:w_stir_verify: Failed to load certificate
> > Nov 21 11:15:20 local /usr/sbin/opensips[5051]: ERROR:stir_shaken:load_cert: Failed to parse certificate
> >
> > #Module section.
> > loadmodule "stir_shaken.so"
> >
> > route{
> >
> > $var(cert) = "/etc/opensips/certs.pem";
> > $var(privKey) = "/etc/opensips/key.pem";
> > stir_shaken_auth("A", "",$var(cert), $var(privKey),
> > "https://domain.org/cert.pem");
> > }
> >
> > Though the cert looks valid, has proper permission for the opensips to
> > access them and cross checked with openssl for the verification.
> >
> > Any pointer on what might be causing this?
> >
> > Ryan

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
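
An added example, not part of the thread and not OpenSIPS code: a Python preflight check for the two failure modes discussed above, a file path passed where stir_shaken_auth() expects PEM content, and a PEM value longer than a 128-character column. The function names and the sample PEM block are constructed for illustration; the check covers PEM structure only and does not parse the key itself.

```python
import base64
import re

# Default width of the avpops "value" column, as stated in the thread.
AVPOPS_DEFAULT_VALUE_LEN = 128

# One PEM block: captures the label and the base64 body between the markers.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.S)


def check_pem_value(value, column_len=AVPOPS_DEFAULT_VALUE_LEN):
    """List the problems with a value destined for stir_shaken_auth()."""
    text = value.strip()
    if "-----BEGIN " not in text:
        # The original error in the thread: a path was passed, not content.
        if text.startswith(("/", "./", "~")) or text.endswith(".pem"):
            return ["looks like a file path, not PEM content"]
        return ["no PEM header found"]
    problems = []
    match = PEM_RE.search(text)
    if match is None:
        # For example, a value cut short by a column that is too narrow.
        problems.append("PEM block is truncated or BEGIN/END labels differ")
    else:
        try:
            base64.b64decode("".join(match.group(2).split()), validate=True)
        except ValueError:
            problems.append("PEM body is not valid base64")
    if len(value) > column_len:
        problems.append(
            f"{len(value)} chars will not fit a {column_len}-char column")
    return problems


def make_sample_pem(label, payload_len):
    """Build a constructed PEM-shaped block; the payload is not a real key."""
    b64 = base64.b64encode(bytes(i % 256 for i in range(payload_len))).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (f"-----BEGIN {label}-----\n" + "\n".join(lines)
            + f"\n-----END {label}-----\n")


if __name__ == "__main__":
    sample = make_sample_pem("PRIVATE KEY", 600)  # constructed, 800 base64 chars
    for candidate in ("/etc/opensips/key.pem", sample, sample[:128]):
        print(check_pem_value(candidate) or "ok")
```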