[OpenSIPS-Users] stir shaken verification

Marcin Groszek marcin at voipplus.net
Thu Jan 5 00:12:59 UTC 2023


Opensips version 3.1.5

I am having some issues with stir_shaken setup. I am sure this is not an 
issue with the module, but me.

stir_shaken_auth works just fine and I am able to sign the calls, 
however I was unable to find any document on how to use a ca file available 
for download at iconectiv/download-list as well as via API. They do come 
in as a jwt file, but after a little manipulation individual certificates 
can be extracted, and the first one is the root certificate, I think, 
and the rest are trusted STI-CA. I guess my question is how do I use 
this file or any other cert file as "ca_list" and/or "ca_dir".

After weeks and hundreds of attempts I was unsuccessful, and I was unable 
to locate any document explaining preparation/setup/steps to set up 
verification.

All I get is:

ERROR:stir_shaken:load_cert: Failed to parse certificate
ERROR:stir_shaken:w_stir_verify: Failed to load certificate
on INVITE with valid identity header.

When I remove or replace "ca_list" file with something bogus opensips 
does not even start with errors:

ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs
ERROR:core:init_mod: failed to initialize module stir_shaken

I would really appreciate some guidance on this one.

