Hello, both private key and pub certificate files have to be in pem format. The readme of the secsipidx project has sample commands about creating them:
- https://github.com/asipto/secsipidx?tab=readme-ov-file#keys-generation

The .crt is probably the raw format of the public certificate.

Cheers,
Daniel

On 02.10.25 18:28, Martin Nyström via sr-users wrote:
> Answering to myself, I might have solved it by converting the key with “openssl ec -in stir_private_key.pem -out stir_private_key_ec.pem” and using the new key in Kamailio.
>
> Still looking to build some knowledge if anyone has input on this, and why it failed in the first place.
>
> /M
>
> *From:* Martin Nyström via sr-users <[email protected]>
> *Date:* Thursday, 2 October 2025 at 18:23
> *To:* Kamailio (SER) - Users Mailing List <[email protected]>
> *Cc:* Martin Nyström <[email protected]>
> *Subject:* [SR-Users] secsipid certificate issue for STIRSHAKEN
>
> *CAUTION:* This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Hi,
>
> I’ve used Peeringhub to generate certificates for STIRSHAKEN. They have given me one 481L.crt and stir_private_key.pem.
>
> However, I am having issues using these in Kamailio. All Kamailio does on secsipid_add_identity is return an ambiguous error “failed to get identity header body (0)” even with higher debug level.
>
> secsipid_add_identity("$fU", "$rU", "A", "$fU", "/etc/kamailio/certificates/stirshaken20251002/481L.crt", "/etc/kamailio/certificates/stirshaken20251002/stir_private_key.pem ");
>
> Both the crt and the key have kamailio as owner and chmod 640. I am wondering if the certificates are not compatible with Kamailio.
>
> *Here’s the result of: openssl x509 -in 481L.crt -text -noout*
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             ec:0b:c0:fb:69:40:35:03:0e:7e:22:8f:12:3e:d3:0e
>         Signature Algorithm: ecdsa-with-SHA256
>         Issuer: C = US, O = Peeringhub Inc, OU = Certification Authorities, CN = Peeringhub Inc SHAKEN Intermediate CA 2
>         Validity
>             Not Before: Oct 2 12:12:51 2025 GMT
>             Not After : Oct 2 12:12:51 2026 GMT
>         Subject: C = US, ST = WA, L = Washington DC, O = Connectel AB, CN = SHAKEN 481L 1759407171535
>         Subject Public Key Info:
>             Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>                 pub:
>                     04:ab:b3:21:c9:6e:20:fc:f4:43:89:e6:30:88:1f:
>                     87:3c:38:f5:7d:ac:2c:06:3b:38:f6:11:ba:68:d1:
>                     82:cb:1d:e6:f6:ee:0c:92:ef:66:64:8c:98:73:8b:
>                     a2:6a:9d:06:33:62:1d:d3:ec:cd:f1:4f:ee:d2:09:
>                     95:ba:98:ae:f7
>                 ASN1 OID: prime256v1
>                 NIST CURVE: P-256
>         X509v3 extensions:
>             X509v3 Key Usage: critical
>                 Digital Signature
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
>             X509v3 Subject Key Identifier:
>                 B8:D8:8C:F6:00:A7:3B:3D:87:58:2C:54:4A:7E:13:6D:F8:71:9B:8D
>             X509v3 Authority Key Identifier:
>                 keyid:AE:A1:73:51:88:29:57:11:CA:0C:A9:F4:B1:0A:6E:4E:B8:4B:4D:07
>
>             X509v3 Certificate Policies:
>                 Policy: 2.16.840.1.114569.1.1.4
>
>             1.3.6.1.5.5.7.1.26:
>                 0.....481L
>             X509v3 CRL Distribution Points:
>
>                 Full Name:
>                   URI:https://authenticate-api.iconectiv.com/download/v1/crl
>                 CRL Issuer:
>                   DirName:L = Bridgewater, ST = NJ, CN = STI-PA CRL, C = US, O = STI-PA
>
>     Signature Algorithm: ecdsa-with-SHA256
>          30:46:02:21:00:bb:18:07:ee:90:6d:a3:6f:0d:d5:af:49:82:
>          f5:ea:aa:5c:03:74:87:22:28:a2:24:5c:02:05:f6:de:ca:82:
>          c8:02:21:00:87:db:0a:48:2c:a7:7a:6f:87:2e:93:14:9a:04:
>          34:4d:1b:07:0b:bf:f2:61:37:8c:c5:85:67:68:ac:0c:9d:08
>
> *Here’s the filtered result of: openssl pkey -in /etc/kamailio/certificates/stirshaken20251002/stir_private_key.pem -text -noout*
>
> Private-Key: (256 bit)
> priv: <FILTERED>
> pub: 04:ab:b3:21:...
> ASN1 OID: prime256v1
> NIST CURVE: P-256
>
> Thanks for any help,
>
> /M
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected]
> To unsubscribe send an email to [email protected]
> Important: keep the mailing list in the recipients, do not reply only to the sender!

--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
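Added example, not part of the original thread or of the secsipidx project: a standard-library check that reports whether a key or certificate file is PEM or raw DER, and whether a private key is in PKCS#8 (`PRIVATE KEY`) or SEC1 (`EC PRIVATE KEY`) form. That the key from this thread changed container format when passed through `openssl ec` is an assumption the thread does not confirm; the sample inputs are constructed (dummy scalar, skeleton certificate), and all function names are hypothetical.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos=0):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_kind(der):
    """Classify DER by the first two fields inside the outer SEQUENCE."""
    try:
        tag, body, _ = _tlv(der)
        if tag != 0x30:
            return "not DER"
        t1, v1, nxt = _tlv(body)
        t2, _, _ = _tlv(body, nxt)
    except IndexError:
        return "not DER"
    if (t1, v1, t2) == (0x02, b"\x01", 0x04):   # version 1, OCTET STRING
        return "SEC1 EC private key"
    if (t1, v1, t2) == (0x02, b"\x00", 0x30):   # version 0, AlgorithmIdentifier
        return "PKCS#8 private key"
    if (t1, t2) == (0x30, 0x30):                # tbsCertificate, signatureAlgorithm
        return "X.509 certificate"
    return "unknown DER"

def describe(data):
    """Return (encoding, pem_label, structure) for key or certificate bytes."""
    m = PEM_RE.search(data)
    if m:
        return "PEM", m.group(1).decode(), der_kind(base64.b64decode(m.group(2)))
    return "not PEM", None, der_kind(data)

# --- Constructed samples (dummy scalar, skeleton certificate; not real keys) ---
def _seq(*parts):
    body = b"".join(parts)
    return bytes([0x30, len(body)]) + body

def _pem(label, der):
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label, base64.encodebytes(der), label)

SEC1 = _seq(b"\x02\x01\x01", b"\x04\x20" + b"\x11" * 32)
EC_ALG = _seq(bytes.fromhex("06072a8648ce3d0201"), bytes.fromhex("06082a8648ce3d030107"))
PKCS8 = _seq(b"\x02\x01\x00", EC_ALG, bytes([0x04, len(SEC1)]) + SEC1)
CERT_DER = _seq(_seq(b"\x02\x01\x02"), _seq(bytes.fromhex("06082a8648ce3d040302")), b"\x03\x01\x00")
PKCS8_PEM, SEC1_PEM = _pem(b"PRIVATE KEY", PKCS8), _pem(b"EC PRIVATE KEY", SEC1)
```

On real files, call `describe(open(path, "rb").read())` for the key and the certificate before configuring them in Kamailio.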
