Configure Class 4

The configuration is fully in dnl switch config file right now: /opt/denovo/dnl_softswitch/conf/dnl_softswitch.conf

# Whether to use built-in or remote module. Default: use remote
use_builtin = yes

# Built-in STIR/SHAKEN module configuration
# Ignored if set use_builtin = no
# Iconectiv API account credentials

iconectiv_user_id = xxx
iconectiv_password = xxx

# Whether to use staging environment (default: use production)
# iconectiv_staging = yes

# Trace HTTP requests to iconectiv API
#iconectiv_trace = yes
# SHAKEN STI-SP key to sign calls with

sti_sp_key_path = /opt/denovo/dnl_softswitch/shaken/sti_sp_813T_ec.pem
sti_sp_key_passphrase = ENfexxx5MbHxppJV

# URL to SHAKEN STI-SP certificate to put in PASSporT
sti_sp_x5u =

# Log all sign requests into a file
sti_sp_sign_log = yes

# Log all verification errors into a file
sti_sp_verification_error_log = yes

# Certificates cache location (default binary path /shaken_cache)
#cert_cache_path = /opt/denovo/dnl_softswitch/shaken_cache
# External STIR/SHAKEN module configuration
# Ignored if set use_builtin = yes
# Path to PEM certificate file for TLS connections
#our_cert_file =
# How many times to retry failed requests
max_retry = 3
# Request timeout
req_timeout = 0.5
# Connection failures timeout
conn_timeout = 10
# How often to post status into c4_shaken_status table
# Set 0 to disable.
status_post_interval = 1
# Our bind address for UDP connections
our_ip =
our_port = 15889
# Log all incoming and outgoing data (1 - true; 0 - false)
enable_trace = 1

After you configure the [shaken] section, you need to restart the switch to make it effective.

Configure built-in SHAKEN module in dnl_softswitch.conf (use template from c4v7 stash >= v7.1.2-1),

Explanation of key stir-shaken parameters


Make switch use built-in module instead of external

use_builtin = yes

Path to STI-SP private key for calls signing, and its passphrase (if required)

sti_sp_key_path = /opt/denovo/dnl_softswitch/certs/sti_sp_XXX.pem
sti_sp_key_passphrase = 12345678
Public URL of STI-SP certificate
sti_sp_x5u =

Log all signing operations and verification errors

sti_sp_sign_log = yes
sti_sp_verification_error_log = yes

If server does not have access to, make sure to delete/comment-out the corresponding configuration in the dnl_softswitch.conf:

# Iconectiv API account credentials
#iconectiv_user_id = sp_username
#iconectiv_password = sp_password

In most cases, you just need to modify these following lines and leave the rest as default:

sti_sp_key_path - path to their private key to sign calls.

sti_sp_key_passphrase - password for this key, if it's encrypted.

sti_sp_x5u - URL which can be used to download certificates.

Last updated