[OpenSIPS-Users] Issue with stir and shaken crl_list

Mickael Hubert mickael at winlux.fr
Tue Jul 25 12:47:39 UTC 2023


Hi Razvan,
Thanks a lot.
I loaded the CRL for CA and certs and opensips start correctly ;)

Have a good day !

Le lun. 24 juil. 2023 à 16:07, Răzvan Crainea <razvan at opensips.org> a
écrit :

> Hi, Mickael!
>
> I don't have much experience with this, but a first search would point
> to this [1] answer, which seems reasonable to me: you need to provide
> the CRL of the entire path, not only of your intermediate cert. Did you
> try that?
>
> [1] https://stackoverflow.com/a/47398918
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Core Developer
> http://www.opensips-solutions.com
>
> On 7/19/23 15:47, Mickael Hubert wrote:
> > Hi all,
> > I'm working on stir and shaken, and I want to include all revoked
> > certificates.
> > I my list in DER format, I use this command to transform it to
> PEM format:
> > openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem
> >
> > there is no erreur, I can read pem format (crl.pem):
> > -----BEGIN X509 CRL-----
> > ....
> > -----END X509 CRL-----
> >
> > I configured opensips with this:
> > modparam("stir_shaken", "crl_list",
> "/etc/opensips/stir-shaken-ca/crl.pem")
> >
> > but I have an error:
> > ul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate
> > validation failed: unable to get certificate CRL
> > Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate
> >
> > Can you tell me, what is exactly the correct format please ?
> >
> > Thanks in advance !
> > ++
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230725/9ec8b9fa/attachment.html>


More information about the Users mailing list