Master DNL Class4
  • Introduction
  • Configure a new Class 4 instance
    • Setup Admin Access
    • First Time Login
    • Setup SIP Switch
  • Your First Call with Class 4 Fusion
    • Create Vendor Rate Table
    • Create Termination Vendor
    • Create Egress Trunk
    • Create Dynamic Route
    • Create Routing Plan
    • Create Client Rate Table
    • Create Termination Client
    • Create Ingress Trunk
    • Simulate Your Call
  • Support Contact
  • eLearning
  • Bug Reporting Process
  • Hardware Sizing
  • Licensing
  • Installation
    • Install with Tarball
    • Install with RPM
      • Step by Step Guide
    • Install with AWS
    • Install with Google Cloud
    • Distributed Architecture
      • Switch Server
        • dnl_live_monitor
        • dnl_tool
        • dnl_livecall
        • dnl_softswitch
        • dnl_watchdog
        • dnl_cloud
      • Web UI
        • dnl_web_helper
    • Troubleshoot Your Installation
    • Setup SSL on Web UI
    • LAN IP Setup for Virtual Machine
    • Change IP/MAC Address
    • Validate Your Installation
      • Check dnl_softswitch log
    • Configuring DNL softswitch
    • Setup Selinux
  • Configuring Stir/Shaken
    • Generating Certificate with Peeringhub.io
  • Upgrade an Existing Installation
    • Update an Existing Installation
      • Update with Tarball
      • Update with RPM
  • Stir Shaken
    • Introduction
    • Configure Class 4
    • Configure Stir Shaken in DB
    • Configure Ingress Trunk
    • Configuring Egress Trunk
    • Basic Configuration Example
    • Validation of Stir/Shaken Setup
    • Setup External AS/VS connectivity
  • Basic Switch Configuration
    • Integrate Class 4 to Google SMTP
    • Customize your logo
    • Customize Domain Name
    • Customize email template
    • Customize invoice template
    • Configuring Payment Gateway
      • Stripe Configuration
      • Paypal Configuration
    • Configuring CDR and PCAP Backup
      • Google Cloud Setup
    • Configuring SIP Registration
    • Configuring LRN
  • Quick Setup for Termination Traffic
    • Create Termination Vendor
      • Specify IP to send to egress
    • Create Termination Route
      • Routing Plan
      • Static Route
      • Dynamic Route
    • Create Termination Client
    • Test with Call Simuation
    • Test Calls with SIP Client
    • Check CDR
  • Quick Setup for Origination Traffic
    • Introduction
    • Create DID Vendors
    • Create DID Billing Plan
    • Create DID Clients
    • DID Repository
    • Assign DID to Client
    • Test Calls with Call Simulation
    • Setup for your client to buy DIDs from portal
  • Data Access
    • Postgres Database
      • Obtain Report Data from DB
      • Obtain CDR from DB
    • Raw Switch Data
      • CDR Data
        • Release Cause Definition
      • PCAP Data
      • Auto Data Cleanup
  • System Administration
    • Modules
    • Start and Stop
    • Logging
    • Software Updates
    • Setup additional dnl_softswitch
    • Add Additional IP to Switch
    • Configure SIP Cause Code and Q850 Mapping
    • Enable Media Proxy
  • Class 4 API
    • Authorization
    • Class4 API
  • Troubleshooting
    • Calls are failure
    • Change Q850 in 4xx/5xx
    • One-way Audio with SIP Client Testing
      • Using Zoiper to resolve NAT issue
  • Automatic Call Blocking
    • Introduction
    • Youmail Blocking
    • DNC Blocking
    • LERG Blocking
Powered by GitBook
On this page

Was this helpful?

  1. Stir Shaken

Configure Class 4

The configuration is fully in dnl switch config file right now: /opt/denovo/dnl_softswitch/conf/dnl_softswitch.conf

 
[shaken]
# Whether to use built-in or remote module. Default: use remote
use_builtin = yes

#
# Built-in STIR/SHAKEN module configuration
# Ignored if set use_builtin = no
#
# Iconectiv API account credentials

iconectiv_user_id = xxx
iconectiv_password = xxx

# Whether to use staging environment (default: use production)
# iconectiv_staging = yes

# Trace HTTP requests to iconectiv API
#iconectiv_trace = yes
# SHAKEN STI-SP key to sign calls with

sti_sp_key_path = /opt/denovo/dnl_softswitch/shaken/sti_sp_813T_ec.pem
sti_sp_key_passphrase = ENfexxx5MbHxppJV

# URL to SHAKEN STI-SP certificate to put in PASSporT
sti_sp_x5u = http://certificates.peeringhub.io/0axxx0b4d93fdb0e628c577020c73b8a5caff750e7e499f80ee2ab362a3f6a.crt

# Log all sign requests into a file
sti_sp_sign_log = yes

# Log all verification errors into a file
sti_sp_verification_error_log = yes

# Certificates cache location (default binary path /shaken_cache)
#cert_cache_path = /opt/denovo/dnl_softswitch/shaken_cache
#
# External STIR/SHAKEN module configuration
# Ignored if set use_builtin = yes
#
# Path to PEM certificate file for TLS connections
#our_cert_file =
# How many times to retry failed requests
max_retry = 3
# Request timeout
req_timeout = 0.5
# Connection failures timeout
conn_timeout = 10
# How often to post status into c4_shaken_status table
# Set 0 to disable.
status_post_interval = 1
# Our bind address for UDP connections
our_ip = 176.31.100.14
our_port = 15889
# Log all incoming and outgoing data (1 - true; 0 - false)
enable_trace = 1


After you configure the [shaken] section, you need to restart the switch to make it effective.

Configure built-in SHAKEN module in dnl_softswitch.conf (use template from c4v7 stash >= v7.1.2-1),

Explanation of key stir-shaken parameters

[shaken]

Make switch use built-in module instead of external

use_builtin = yes

Path to STI-SP private key for calls signing, and its passphrase (if required)

sti_sp_key_path = /opt/denovo/dnl_softswitch/certs/sti_sp_XXX.pem
sti_sp_key_passphrase = 12345678
Public URL of STI-SP certificate
sti_sp_x5u = http://certificates.peeringhub.io/XXXXX.crt

Log all signing operations and verification errors

sti_sp_sign_log = yes
sti_sp_verification_error_log = yes

If server does not have access to iconectiv.com, make sure to delete/comment-out the corresponding configuration in the dnl_softswitch.conf:

# Iconectiv API account credentials
#iconectiv_user_id = sp_username
#iconectiv_password = sp_password

In most cases, you just need to modify these following lines and leave the rest as default:

sti_sp_key_path - path to their private key to sign calls.

sti_sp_key_passphrase - password for this key, if it's encrypted.

sti_sp_x5u - URL which can be used to download certificates.

PreviousIntroductionNextConfigure Stir Shaken in DB

Last updated 3 years ago

Was this helpful?