[OpenSIPS-Users] Issue with stir and shaken crl_list

Mickael Hubert mickael at winlux.fr
Wed Jul 26 13:38:52 UTC 2023


Hi Razvan,
Another question about crl_list: when the CRL list changes, what is the best
way to reload this list in OpenSIPS memory? Restart it? Or another way?
I know the crl_list can change each day, so if I have to restart opensips
each day, it's not very practical.

Thanks in advance

On Tue, Jul 25, 2023 at 14:47, Mickael Hubert <mickael at winlux.fr> wrote:

> Hi Razvan,
> Thanks a lot.
> I loaded the CRL for CA and certs and opensips starts correctly ;)
>
> Have a good day !
>
> On Mon, Jul 24, 2023 at 16:07, Răzvan Crainea <razvan at opensips.org> wrote:
>
>> Hi, Mickael!
>>
>> I don't have much experience with this, but a first search would point
>> to this [1] answer, which seems reasonable to me: you need to provide
>> the CRL of the entire path, not only of your intermediate cert. Did you
>> try that?
>>
>> [1] https://stackoverflow.com/a/47398918
>>
>> Best regards,
>>
>> Răzvan Crainea
>> OpenSIPS Core Developer
>> http://www.opensips-solutions.com
>>
>> On 7/19/23 15:47, Mickael Hubert wrote:
>> > Hi all,
>> > I'm working on stir and shaken, and I want to include all revoked
>> > certificates.
>> > I have my list in DER format, and I use this command to transform it to
>> > PEM format:
>> > openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem
>> >
>> > There is no error, and I can read the PEM format (crl.pem):
>> > -----BEGIN X509 CRL-----
>> > ....
>> > -----END X509 CRL-----
>> >
>> > I configured opensips with this:
>> > modparam("stir_shaken", "crl_list", "/etc/opensips/stir-shaken-ca/crl.pem")
>> >
>> > but I have an error:
>> > Jul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate
>> > validation failed: unable to get certificate CRL
>> > Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate
>> >
>> > Can you tell me what exactly the correct format is, please?
>> >
>> > Thanks in advance !
>> > ++
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
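
The advice quoted above (supply the CRLs for the entire path, not only the intermediate's) can be checked offline with `openssl verify` before pointing `crl_list` at a file. This is an added example, not part of the original thread or of OpenSIPS; it assumes the CRLs are loaded from a single file of concatenated PEM CRLs, and the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. All file names are placeholders.

# build_crl_bundle OUT IN...
# Normalise each input CRL (one CRL per file, DER or PEM) to PEM and
# concatenate them into OUT. OUT is replaced only if every input parses;
# the temp file lives next to OUT so the final rename is atomic.
build_crl_bundle() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1
    for crl in "$@"; do
        if openssl crl -in "$crl" -inform PEM -outform PEM >>"$tmp" 2>/dev/null; then
            continue
        fi
        if ! openssl crl -in "$crl" -inform DER -outform PEM >>"$tmp" 2>/dev/null; then
            echo "not a readable CRL: $crl" >&2
            rm -f "$tmp"
            return 1
        fi
    done
    chmod 0644 "$tmp"   # CRLs are public; the proxy's user must be able to read them
    mv "$tmp" "$out"
}

# crl_count BUNDLE: how many CRLs the PEM bundle holds.
crl_count() {
    grep -c -- '-----BEGIN X509 CRL-----' "$1"
}

# check_chain_crl CA_FILE CRL_BUNDLE CERT [INTERMEDIATES]
# Verify CERT with a revocation check on every certificate in the path.
# openssl reports "unable to get certificate CRL" when an issuer's CRL is missing.
check_chain_crl() {
    if [ -n "${4:-}" ]; then
        openssl verify -crl_check_all -CAfile "$1" -CRLfile "$2" -untrusted "$4" "$3"
    else
        openssl verify -crl_check_all -CAfile "$1" -CRLfile "$2" "$3"
    fi
}
```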