Hi Razvan, Thanks a lot. I loaded the CRL for CA and certs and opensips start correctly ;)
Have a good day ! Le lun. 24 juil. 2023 à 16:07, Răzvan Crainea <[email protected]> a écrit : > Hi, Mickael! > > I don't have much experience with this, but a first search would point > to this [1] answer, which seems reasonable to me: you need to provide > the CRL of the entire path, not only of your intermediate cert. Did you > try that? > > [1] https://stackoverflow.com/a/47398918 > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 7/19/23 15:47, Mickael Hubert wrote: > > Hi all, > > I'm working on stir and shaken, and I want to include all revoked > > certificates. > > I my list in DER format, I use this command to transform it to > PEM format: > > openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem > > > > there is no erreur, I can read pem format (crl.pem): > > -----BEGIN X509 CRL----- > > .... > > -----END X509 CRL----- > > > > I configured opensips with this: > > modparam("stir_shaken", "crl_list", > "/etc/opensips/stir-shaken-ca/crl.pem") > > > > but I have an error: > > ul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate > > validation failed: unable to get certificate CRL > > Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate > > > > Can you tell me, what is exactly the correct format please ? > > > > Thanks in advance ! > > ++ > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
