Answering to myself, I might have solved it by converting the key with “openssl ec -in stir_private_key.pem -out stir_private_key_ec.pem” and using the new key in Kamailio.
Still looking to build some knowledge if anyone have input on this, and why it failed in the first place. /M From: Martin Nyström via sr-users <[email protected]> Date: Thursday, 2 October 2025 at 18:23 To: Kamailio (SER) - Users Mailing List <[email protected]> Cc: Martin Nyström <[email protected]> Subject: [SR-Users] secsipid certificate issue for STIRSHAKEN CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, I’ve used Peeringhub to generate certificates for STIRSHAKEN. They have given me one 481L.crt and stir_private_key.pem. However, I am having issues using these in Kamailio. All Kamailio does on secsipid_add_identity is return an ambigious error “failed to get identity header body (0)” even with higher debug level. secsipid_add_identity("$fU", "$rU", "A", "$fU", "/etc/kamailio/certificates/stirshaken20251002/481L.crt", "/etc/kamailio/certificates/stirshaken20251002/stir_private_key.pem "); Both the crt and the key have kamailio as owner and chmod 640. I am wondering if the certificates are not compatible with Kamailio. Here’s the result of: openssl x509 -in 481L.crt -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: ec:0b:c0:fb:69:40:35:03:0e:7e:22:8f:12:3e:d3:0e Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, O = Peeringhub Inc, OU = Certification Authorities, CN = Peeringhub Inc SHAKEN Intermediate CA 2 Validity Not Before: Oct 2 12:12:51 2025 GMT Not After : Oct 2 12:12:51 2026 GMT Subject: C = US, ST = WA, L = Washington DC, O = Connectel AB, CN = SHAKEN 481L 1759407171535 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:ab:b3:21:c9:6e:20:fc:f4:43:89:e6:30:88:1f: 87:3c:38:f5:7d:ac:2c:06:3b:38:f6:11:ba:68:d1: 82:cb:1d:e6:f6:ee:0c:92:ef:66:64:8c:98:73:8b: a2:6a:9d:06:33:62:1d:d3:ec:cd:f1:4f:ee:d2:09: 95:ba:98:ae:f7 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: B8:D8:8C:F6:00:A7:3B:3D:87:58:2C:54:4A:7E:13:6D:F8:71:9B:8D X509v3 Authority Key Identifier: keyid:AE:A1:73:51:88:29:57:11:CA:0C:A9:F4:B1:0A:6E:4E:B8:4B:4D:07 X509v3 Certificate Policies: Policy: 2.16.840.1.114569.1.1.4 1.3.6.1.5.5.7.1.26: 0.....481L X509v3 CRL Distribution Points: Full Name: URI:https://authenticate-api.iconectiv.com/download/v1/crl CRL Issuer: DirName:L = Bridgewater, ST = NJ, CN = STI-PA CRL, C = US, O = STI-PA Signature Algorithm: ecdsa-with-SHA256 30:46:02:21:00:bb:18:07:ee:90:6d:a3:6f:0d:d5:af:49:82: f5:ea:aa:5c:03:74:87:22:28:a2:24:5c:02:05:f6:de:ca:82: c8:02:21:00:87:db:0a:48:2c:a7:7a:6f:87:2e:93:14:9a:04: 34:4d:1b:07:0b:bf:f2:61:37:8c:c5:85:67:68:ac:0c:9d:08 Here’s the filtered result of: openssl pkey -in /etc/kamailio/certificates/stirshaken20251002/stir_private_key.pem -text -noout Private-Key: (256 bit) priv: <FILTERED> pub: 04:ab:b3:21:... ASN1 OID: prime256v1 NIST CURVE: P-256 Thanks for any help, /M
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
