Hi, David. Our CA provided us a single file which consists of such 3 certs, in order you mentioned, so yes - you need to publish a single file in that order: your cert, CA cert, root cert. -- obelousov.tel
On Thu, Nov 4, 2021 at 9:57 PM David Villasmil < david.villasmil.w...@gmail.com> wrote: > Hello guys, > > So the PA sent us 3 files: > > 1- out cert > 2- the intermediate cert > 3- the root cert > > Should i copy those into a single file in that order and then publish that > as the cert.pem in > > *secsipid_add_identity("$fU", "$rU", "A", "", > "https://kamailio.org/stir/$rd/cert.pem > <https://kamailio.org/stir/$rd/cert.pem>", "/secsipid/$rd/key.pem");* > > > ?? > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > > > On Thu, Nov 4, 2021 at 6:55 PM David Villasmil < > david.villasmil.w...@gmail.com> wrote: > >> Yep, that much was clear from the outset. >> The wording on the docs confused me, because it reads "public key". BUt >> now i see it's the cert and the client will get the pk from the cert. >> Thanks for taking the time to explain! >> >> Regards, >> >> David Villasmil >> email: david.villasmil.w...@gmail.com >> phone: +34669448337 >> >> >> On Thu, Nov 4, 2021 at 6:35 PM Ben Kaufman <bkauf...@nexvortex.com> >> wrote: >> >>> Not sure if it was clarified or not, but it should be an https URL from >>> where your certificate can be downloaded, not the actual certificate itself. >>> >>> >>> >>> *Ben Kaufman* >>> >>> >>> >>> *From:* sr-users <sr-users-boun...@lists.kamailio.org> * On Behalf Of *David >>> Villasmil >>> *Sent:* Thursday, November 4, 2021 12:00 PM >>> *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> >>> *Subject:* Re: [SR-Users] STIR/SHAKEN public key >>> >>> >>> >>> Thanks Oleg, i misunderstood all that. >>> >>> Regards, >>> >>> >>> >>> David Villasmil >>> >>> email: david.villasmil.w...@gmail.com >>> >>> phone: +34669448337 >>> >>> >>> >>> >>> >>> On Thu, Nov 4, 2021 at 4:58 PM Oleg Belousov <obelou...@gmail.com> >>> wrote: >>> >>> Hi. >>> >>> It should be certificate issued by CA certified by the Shaken Policy >>> Administrator (iConnective in US).. >>> >>> -- >>> obelousov.tel >>> <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fobelousov.tel%2F&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tGrsS8EC2s%2BbcpseVdLDm0Z7NHSeIrklPzzAJC3TskE%3D&reserved=0> >>> >>> >>> >>> >>> >>> On Thu, Nov 4, 2021 at 5:39 PM David Villasmil < >>> david.villasmil.w...@gmail.com> wrote: >>> >>> Hello guys, >>> >>> I'm testing with 2 providers right now, and one of them is asking me to >>> include my whole certificate on the >>> >>> *secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)* >>> >>> like: >>> >>> *secsipid_add_identity("$fU", "$rU", "A", "", >>> "https://kamailio.org/stir/$rd/cert.pem >>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkamailio.org%2Fstir%2F%24rd%2Fcert.pem&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732872628%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9hcmnq0bD4n89HczPIHjyb54ZDdi8RBfwP%2FqyjoQuas%3D&reserved=0>", >>> "/secsipid/$rd/key.pem");* >>> >>> but it is stated that: >>> >>> *x5u is the HTTP URL referencing to the public key that should be used >>> to verify the signature;* >>> >>> One provider is asking to put the cert there, the other hasn't asked >>> that yet. >>> >>> So i'm a little confused, should the x5u be the actual cert (with its >>> intermediary?) or only the public key? >>> >>> Regards, >>> >>> David Villasmil >>> >>> email: david.villasmil.w...@gmail.com >>> >>> phone: +34669448337 >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * sr-users@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732882586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=uRjM0WyJo9gGwBRdIWdceKbmlet40rpx1ack%2BYuglz4%3D&reserved=0> >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * sr-users@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.kamailio.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fsr-users&data=04%7C01%7Cbkaufman%40nexvortex.com%7Cc7a43b3de31c404450cc08d99fb4ef2f%7Cafc1818e7b6848568913201b9396c4fc%7C1%7C0%7C637716421732892544%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o4mIwPXxb6Vp%2BTbDXcV7DBkC1TCIq%2BjaTPk6T1ZYvck%3D&reserved=0> >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * sr-users@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * sr-users@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users