# Configure Class 4

The configuration is fully in dnl switch config file right now: /opt/denovo/dnl\_softswitch/conf/dnl\_softswitch.conf

```
 
[shaken]
# Whether to use built-in or remote module. Default: use remote
use_builtin = yes

#
# Built-in STIR/SHAKEN module configuration
# Ignored if set use_builtin = no
#
# Iconectiv API account credentials

iconectiv_user_id = xxx
iconectiv_password = xxx

# Whether to use staging environment (default: use production)
# iconectiv_staging = yes

# Trace HTTP requests to iconectiv API
#iconectiv_trace = yes
# SHAKEN STI-SP key to sign calls with

sti_sp_key_path = /opt/denovo/dnl_softswitch/shaken/sti_sp_813T_ec.pem
sti_sp_key_passphrase = ENfexxx5MbHxppJV

# URL to SHAKEN STI-SP certificate to put in PASSporT
sti_sp_x5u = http://certificates.peeringhub.io/0axxx0b4d93fdb0e628c577020c73b8a5caff750e7e499f80ee2ab362a3f6a.crt

# Log all sign requests into a file
sti_sp_sign_log = yes

# Log all verification errors into a file
sti_sp_verification_error_log = yes

# Certificates cache location (default binary path /shaken_cache)
#cert_cache_path = /opt/denovo/dnl_softswitch/shaken_cache
#
# External STIR/SHAKEN module configuration
# Ignored if set use_builtin = yes
#
# Path to PEM certificate file for TLS connections
#our_cert_file =
# How many times to retry failed requests
max_retry = 3
# Request timeout
req_timeout = 0.5
# Connection failures timeout
conn_timeout = 10
# How often to post status into c4_shaken_status table
# Set 0 to disable.
status_post_interval = 1
# Our bind address for UDP connections
our_ip = 176.31.100.14
our_port = 15889
# Log all incoming and outgoing data (1 - true; 0 - false)
enable_trace = 1



```

After you configure the \[shaken] section, you need to restart the switch to make it effective.

{% hint style="info" %}
Configure built-in SHAKEN module in dnl\_softswitch.conf (use template from c4v7 stash >= v7.1.2-1),
{% endhint %}

\
Explanation of key stir-shaken parameters 
-----------------------------------------------

\[shaken]

Make switch use built-in module instead of external

```
use_builtin = yes

```

Path to STI-SP private key for calls signing, and its passphrase (if required)

```
sti_sp_key_path = /opt/denovo/dnl_softswitch/certs/sti_sp_XXX.pem
sti_sp_key_passphrase = 12345678
Public URL of STI-SP certificate
sti_sp_x5u = http://certificates.peeringhub.io/XXXXX.crt
```

Log all signing operations and verification errors

```
sti_sp_sign_log = yes
sti_sp_verification_error_log = yes
```

If server does not have access to iconectiv.com, make sure to delete/comment-out the corresponding configuration in the dnl\_softswitch.conf:

```
# Iconectiv API account credentials
#iconectiv_user_id = sp_username
#iconectiv_password = sp_password
```

{% hint style="info" %}
In most cases, you just need to modify these following lines and leave the rest as default:

sti\_sp\_key\_path - path to their private key to sign calls. 

sti\_sp\_key\_passphrase - password for this key, if it's encrypted.

sti\_sp\_x5u - URL which can be used to download certificates. 
{% endhint %}