Hi, Mickael!
I don't have much experience with this, but a first search would point
to this [1] answer, which seems reasonable to me: you need to provide
the CRL of the entire path, not only of your intermediate cert. Did you
try that?
[1] https://stackoverflow.com/a/47398918
Best regards,
Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 7/19/23 15:47, Mickael Hubert wrote:
Hi all,
I'm working on stir and shaken, and I want to include all revoked
certificates.
I my list in DER format, I use this command to transform it to PEM format:
openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem
there is no erreur, I can read pem format (crl.pem):
-----BEGIN X509 CRL-----
....
-----END X509 CRL-----
I configured opensips with this:
modparam("stir_shaken", "crl_list", "/etc/opensips/stir-shaken-ca/crl.pem")
but I have an error:
ul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate
validation failed: unable to get certificate CRL
Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate
Can you tell me, what is exactly the correct format please ?
Thanks in advance !
++
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users