[OpenSIPS-Users] Issue with stir and shaken crl_list

Mickael Hubert mickael at winlux.fr
Wed Jul 19 12:47:42 UTC 2023


Hi all,
I'm working on stir and shaken, and I want to include all revoked
certificates.
I my list in DER format, I use this command to transform it to PEM format:
openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem

there is no erreur, I can read pem format (crl.pem):
-----BEGIN X509 CRL-----
....
-----END X509 CRL-----

I configured opensips with this:
modparam("stir_shaken", "crl_list", "/etc/opensips/stir-shaken-ca/crl.pem")

but I have an error:
ul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate
validation failed: unable to get certificate CRL
Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate

Can you tell me, what is exactly the correct format please ?

Thanks in advance !
++
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230719/e89457e5/attachment.html>


More information about the Users mailing list