[OpenSIPS-Users] Stir Shaken: Failed to load certificate

Mickael Hubert mickael at winlux.fr
Mon May 29 12:55:16 UTC 2023 

Hi,
Can you tell me what is the best way to load our private key please ?
It would be great not to have it as clear text in opensips's configuration.

thanks in advance

Le lun. 21 nov. 2022 à 13:39, ryan embgrets <rembgrets at gmail.com> a écrit :

> That was it.
>
> Working flawlessly.Thanks Vlad Patrascu
>
> Ryan
>
> On Mon, 21 Nov 2022 at 17:24, Vlad Patrascu <vladp at opensips.org> wrote:
>
>> Hi Ryan,
>>
>> You have to provide to the stir_shaken_auth() function the actual
>> content of the certificate file and not just the path. The same goes for
>> the private key.
>>
>> Regards,
>>
>> --
>> Vlad Patrascu
>> OpenSIPS Core Developer
>> http://www.opensips-solutions.com
>>
>> On 21.11.2022 14:02, ryan embgrets wrote:
>> > Greetings
>> >
>> > I am trying to generate an Identity header by using the stir_shaken
>> > module of the opensips.
>> >
>> > But I am encountering the below error each time upon call.
>> >
>> > Nov 21 11:15:20 local /usr/sbin/opensips[5051]:
>> > ERROR:stir_shaken:w_stir_verify: Failed to load certificate
>> > Nov 21 11:15:20 local /usr/sbin/opensips[5051]:
>> > ERROR:stir_shaken:load_cert: Failed to parse certificate
>> >
>> > #Module section.
>> > loadmodule "stir_shaken.so"
>> >
>> > route{
>> >
>> >       $var(cert) = "/etc/opensips/certs.pem";
>> >        $var(privKey) = "/etc/opensips/key.pem";
>> >       stir_shaken_auth("A", "",$var(cert), $var(privKey),
>> > "https://domain.org/cert.pem");
>> > }
>> >
>> > Though the cert looks valid, has proper permission for the opensips to
>> > access them and cross checked with openssl for the verification.
>> >
>> > Any pointer on what might be causing this?
>> >
>> > Ryan
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230529/1b6e3e86/attachment.html>

More information about the Users mailing list