[SR-Users] secsipid certificate issue for STIRSHAKEN

[Martin Nyström via sr-users]

Hi,

I’ve used Peeringhub to generate certificates for STIRSHAKEN. They have given 
me one 481L.crt and stir_private_key.pem.

However, I am having issues using these in Kamailio. All Kamailio does on 
secsipid_add_identity is return an ambigious error “failed to get identity 
header body (0)” even with higher debug level.

secsipid_add_identity("$fU", "$rU", "A", "$fU", 
"/etc/kamailio/certificates/stirshaken20251002/481L.crt", 
"/etc/kamailio/certificates/stirshaken20251002/stir_private_key.pem ");

Both the crt and the key have kamailio as owner and chmod 640. I am wondering 
if the certificates are not compatible with Kamailio.

Here’s the result of: openssl x509 -in 481L.crt -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ec:0b:c0:fb:69:40:35:03:0e:7e:22:8f:12:3e:d3:0e
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, O = Peeringhub Inc, OU = Certification Authorities, CN 
= Peeringhub Inc SHAKEN Intermediate CA 2
        Validity
            Not Before: Oct  2 12:12:51 2025 GMT
            Not After : Oct  2 12:12:51 2026 GMT
        Subject: C = US, ST = WA, L = Washington DC, O = Connectel AB, CN = 
SHAKEN 481L 1759407171535
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:ab:b3:21:c9:6e:20:fc:f4:43:89:e6:30:88:1f:
                    87:3c:38:f5:7d:ac:2c:06:3b:38:f6:11:ba:68:d1:
                    82:cb:1d:e6:f6:ee:0c:92:ef:66:64:8c:98:73:8b:
                    a2:6a:9d:06:33:62:1d:d3:ec:cd:f1:4f:ee:d2:09:
                    95:ba:98:ae:f7
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                B8:D8:8C:F6:00:A7:3B:3D:87:58:2C:54:4A:7E:13:6D:F8:71:9B:8D
            X509v3 Authority Key Identifier:
                
keyid:AE:A1:73:51:88:29:57:11:CA:0C:A9:F4:B1:0A:6E:4E:B8:4B:4D:07

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114569.1.1.4

            1.3.6.1.5.5.7.1.26:
                0.....481L
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:https://authenticate-api.iconectiv.com/download/v1/crl
                CRL Issuer:
                  DirName:L = Bridgewater, ST = NJ, CN = STI-PA CRL, C = US, O 
= STI-PA

    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:bb:18:07:ee:90:6d:a3:6f:0d:d5:af:49:82:
         f5:ea:aa:5c:03:74:87:22:28:a2:24:5c:02:05:f6:de:ca:82:
         c8:02:21:00:87:db:0a:48:2c:a7:7a:6f:87:2e:93:14:9a:04:
         34:4d:1b:07:0b:bf:f2:61:37:8c:c5:85:67:68:ac:0c:9d:08



Here’s the filtered result of: openssl pkey -in 
/etc/kamailio/certificates/stirshaken20251002/stir_private_key.pem -text -noout

Private-Key: (256 bit)
priv: <FILTERED>
pub: 04:ab:b3:21:...
ASN1 OID: prime256v1
NIST CURVE: P-256



Thanks for any help,


/M

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions -- 
sr-users@lists.kamailio.org
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!