[OpenSIPS-Users] Stir Shaken Verification issue

Vlad Patrascu vladp at opensips.org
Mon May 2 14:26:40 UTC 2022

Hi Devang,

The URL in the info param has nothing to do with the verification itself.

I suspect you are somehow not using the proper certificate and/or CA, as 
the certificate generated by the script you mentioned should not be self 
signed, as the error indicates.


Vlad Patrascu
OpenSIPS Core Developer

On 25.04.2022 15:47, Devang Dhandhalya via Users wrote:
> Hello All
> I am testing STIR/SHAKEN calls using two servers.
> calls originating to the first server adding identity header and when 
> sending calls to the second server for verification service at the 
> time of verification service i am getting below error .
> error :437 , Unsupported Credential , Verification Fails with Return 
> code :-8 INFO:stir_shaken:verify_callback: certificate validation 
> failed: self signed certificate INFO:stir_shaken:w_stir_verify: 
> Invalid certificate
> OpenSIPS Version : 3.2.2 I generate certificate using domain which 
> mapped with those 2 server : 
> https://github.com/OpenSIPIt/OpenSIPIt_00/blob/master/STIR_SHAKEN/Certgen/gencert.sh 
> <https://github.com/OpenSIPIt/OpenSIPIt_00/blob/master/STIR_SHAKEN/Certgen/gencert.sh>
> When the same server generates an identity header and verifies it at 
> that time not getting an issue call is working fine but when the 
> identity header generated by server 1 and going to verify it by server 
> 2 we get this above error.
> Is it related to the URL which is in the info param ? When I open that 
> URL in the browser I am able to see the certificate.
> Please suggest a solution for this issue.
> Regards
> Devang Dhandhalya
> *Disclaimer*
> In addition to generic Disclaimer which you have agreed on our 
> website, any views or opinions presented in this email are solely 
> those of the originator and do not necessarily represent those of the 
> Company or its sister concerns. Any liability (in negligence, contract 
> or otherwise) arising from any third party taking any action, or 
> refraining from taking any action on the basis of any of the 
> information contained in this email is hereby excluded.
> *Confidentiality*
> This communication (including any attachment/s) is intended only for 
> the use of the addressee(s) and contains information that is 
> PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, dissemination, 
> distribution, or copying of this communication is prohibited. Please 
> inform originator if you have received it in error.
> *Caution for viruses, malware etc.*
> This communication, including any attachments, may not be free of 
> viruses, trojans, similar or new contaminants/malware, interceptions 
> or interference, and may not be compatible with your systems. You 
> shall carry out virus/malware scanning on your own before opening any 
> attachment to this e-mail. The sender of this e-mail and Company 
> including its sister concerns shall not be liable for any damage that 
> may incur to you as a result of viruses, incompleteness of this 
> message, a delay in receipt of this message or any other computer 
> problems.
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220502/a10f458c/attachment.html>

More information about the Users mailing list