[OpenSIPS-Users] stir shaken verification

Marcin Groszek marcin at voipplus.net
Thu Jan 5 00:12:59 UTC 2023

Opensips version 3.1.5

I am having some issues with stir_shaken setup. I am sure this not an 
issue with the module, but me.

|stir_shaken_auth works just fine and I am able to sign the calls, 
however I was unable to find any document how to use a ca file available 
for download at iconectiv/download-list as well as via API. They do come 
in as jwt file, but after little manipulation individual certificates 
can be extracted, and the first one is the root certificate; I think, 
and the rest are trusted STI-CA. ||I guess my question is how do I use 
this file or any other cert file as |"ca_list" and/or "ca_dir" .

After weeks and hundreds attempts I was unsuccessful, and I was unable 
to locate any document explaining preparation/setup/steps to setup 

All I get is :

ERROR:stir_shaken:load_cert: Failed to parse certificate
ERROR:stir_shaken:w_stir_verify: Failed to load certificate
on INVITE with valid identity header.

When I remove or replaceĀ  "ca_list" file with something bogus opensips 
does not even startĀ  with errors:

ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs
ERROR:core:init_mod: failed to initialize module stir_shaken

I would really appreciate some guidance on this one.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230104/2eddc53a/attachment.html>

More information about the Users mailing list