Hello,
Is it possible populate Stir/Shaken cache directory to lower the probability of breaking incoming calls for communication issues with cert authority ?
If positive, how can it be done ?
Best regards
In my (small scale) testing, *.pem files in cache have the exact same content than the ones I would like to add: the only difference is the file name.
Currently there’s no easy way to pre-populate the cache but I’m not quite sure what your issue or objective is. Are you saying that when a call comes in that the retrieval of the X5U certificate URL is failing sometimes? Then, assuming you have failure_action set to reject_request, the call fails?
Local regulation compliance (I’m not 100% sure this is mandatory) is asking ITSP to download certs preventively probably to lower workload on authority resources (bandwidth, CPU, …).
Total count is about 600 certs from 200 ITSP.
A “stir-shaken cache import /tmp/foo/bar/1234567890.crt” CLI would perfectly fits, if having as many certs don’t introduce undesirable side effects.
We were thinking of populating our cert cache once a week.
Interesting. Go ahead and open an “improvement” issue at Issues · asterisk/asterisk · GitHub and I’ll see if we can create something along those lines.
There is no guarantee or time frame on such things, though.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.