this is what i do (i have a redirect server receive the INVITEs to be signed, I add the header and then do 302, the initiating server then add it to the INVITE and sends the invite out:
if ($rm=="INVITE") { $var(rc) = secsipid_add_identity("$(var(from){s.numeric})", "$(var(to){s.numeric})", "A", "", " https://pki.domain.com/stir-shaken-cert.pem", "/etc/kamailio/ec256-private.pem");
if ( $var(rc) > 0 ) { msg_apply_changes(); } else { update_stat("stirshaken_create_identity_failed","+1"); send_reply("503", "Service Unavailable - can not create Identity header"); exit; }
append_to_reply("Identity: $hdr(Identity)\r\n"); } sl_send_reply("302", "Redirect"); exit;
hope that helps
Regards,
David Villasmil email: david.villasmil.work@gmail.com
On Thu, Jun 20, 2024 at 11:14 PM Blake Ivey via sr-users < sr-users@lists.kamailio.org> wrote:
Hmm you are correct. I took it out and it started fine. So what exactly would I need for our outbound stirshaken?
Just secsipid_add_identity?
I guess I've been looking at this for too long today. Just lines and lines after a while.
On Thu, Jun 20, 2024, 4:47 PM Ben Kaufman bkaufman@bcmone.com wrote:
Except for `expire` and `timeout`, those parameters don’t exist for secsip id- at least according to the module documentation: https://kamailio.org/docs/modules/stable/modules/secsipid
Regards,
Kaufman
*From:* Blake Ivey uga5324@gmail.com *Sent:* Thursday, June 20, 2024 3:39 PM *To:* Ben Kaufman bkaufman@bcmone.com *Cc:* sr-users@lists.kamailio.org *Subject:* Re: [SR-Users] SecSIPID Assistance
*CAUTION:* This email originated from outside the organization. *Do not click links or open attachments* unless you recognize the sender and know the content is safe.
Sorry for the formatting:
ERROR: <core> [core/modparam.c:185]: set_mod_param_regex(): parameter <private_key> of type <1:string> not found in module <secsipid> kamailio: CRITICAL: <core> [core/cfg.y:4011]: yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg, line 71, column 73: Can't set module parameter kamailio: CRITICAL: <core> [core/cfg.y:4011]: yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg, line 71, column 70: Can't set module parameter kamailio: ERROR: <core> [core/modparam.c:185]: set_mod_param_regex(): parameter <key_path> of type <1:string> not found in module <secsipid>
On Thu, Jun 20, 2024, 4:31 PM Ben Kaufman bkaufman@bcmone.com wrote:
What is the error you’re getting?
Regards,
Kaufman
*From:* Blake Ivey via sr-users sr-users@lists.kamailio.org *Sent:* Thursday, June 20, 2024 3:14 PM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* Blake Ivey uga5324@gmail.com *Subject:* [SR-Users] SecSIPID Assistance
*CAUTION:* This email originated from outside the organization. *Do not click links or open attachments* unless you recognize the sender and know the content is safe.
Hi everyone. Wanting to see if someone could point me in the right direction. Still very knew to Kamailio but I am beginning to understand it better. I'm making an outbound proxy and have everything working well besides stir/shaken. I'm looking at the module page and have went back and forth with chatGPT and can't seem to figure this part out. I keep getting errors on the modparam lines.
Obviously this is a self signed cert because I'm just testing. I am able to reach and download the cert from the Web server.
Thank you for any assistance.
# SECSIPID for Stir/Shaken
modparam("secsipid", "private_key", "/etc/kamailio/secsipid/private.key")
modparam("secsipid", "certificate", "/etc/kamailio/secsipid/cert.crt")
modparam("secsipid", "authority_cert", "/etc/kamailio/secsipid/ca.crt")
modparam("secsipid", "expire", 600) modparam("secsipid", "timeout", 2)
route[STIRSHAKEN] {
if (is_method("INVITE")) { if (!secsipid_add_identity("$fU", "$rU", "A", "", "
http://myIPaddress.com/stir_shaken_cert.crt http://myipaddress.com/stir_shaken_cert.crt", "/etc/kamailio/secsipid/private.key")) {
xlog("L_ERR", "Failed to sign call with ID: $ci - From:
$fU\n");
send_reply("500", "Internal Server Error"); exit; } else { xlog("L_INFO", "Successfully signed call with ID: $ci - From:
$fU\n");
} } # Relay the call after signing route(RELAY);
}
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: