Configure Class 4

All of the configuration currently lives in the switch configuration file: /opt/denovo/dnl_softswitch/conf/dnl_softswitch.conf

[shaken]
# Whether to use built-in or remote module. Default: use remote
use_builtin = yes

#
# Built-in STIR/SHAKEN module configuration
# Ignored if set use_builtin = no
#
# Iconectiv API account credentials

iconectiv_user_id = xxx
iconectiv_password = xxx

# Whether to use staging environment (default: use production)
# iconectiv_staging = yes

# Trace HTTP requests to iconectiv API
#iconectiv_trace = yes

# SHAKEN STI-SP key to sign calls with
sti_sp_key_path = /opt/denovo/dnl_softswitch/shaken/sti_sp_813T_ec.pem
sti_sp_key_passphrase = ENfexxx5MbHxppJV

# URL to SHAKEN STI-SP certificate to put in PASSporT
sti_sp_x5u = http://certificates.peeringhub.io/0axxx0b4d93fdb0e628c577020c73b8a5caff750e7e499f80ee2ab362a3f6a.crt

# Log all sign requests into a file
sti_sp_sign_log = yes

# Log all verification errors into a file
sti_sp_verification_error_log = yes

# Certificates cache location (default binary path /shaken_cache)
#cert_cache_path = /opt/denovo/dnl_softswitch/shaken_cache

#
# External STIR/SHAKEN module configuration
# Ignored if set use_builtin = yes
#
# Path to PEM certificate file for TLS connections
#our_cert_file =
# How many times to retry failed requests
max_retry = 3
# Request timeout
req_timeout = 0.5
# Connection failures timeout
conn_timeout = 10
# How often to post status into c4_shaken_status table
# Set 0 to disable.
status_post_interval = 1
# Our bind address for UDP connections
our_ip = 176.31.100.14
our_port = 15889
# Log all incoming and outgoing data (1 - true; 0 - false)
enable_trace = 1


After you configure the [shaken] section, restart the switch for the changes to take effect.

Configure the built-in SHAKEN module in dnl_softswitch.conf (use the template from c4v7 stash >= v7.1.2-1).

Explanation of key STIR/SHAKEN parameters

[shaken]

Make the switch use the built-in module instead of the external one

use_builtin = yes

Path to the STI-SP private key used for call signing, and its passphrase (if required)

sti_sp_key_path = /opt/denovo/dnl_softswitch/certs/sti_sp_XXX.pem
sti_sp_key_passphrase = 12345678

Public URL of the STI-SP certificate

sti_sp_x5u = http://certificates.peeringhub.io/XXXXX.crt

Log all signing operations and verification errors

sti_sp_sign_log = yes
sti_sp_verification_error_log = yes

If the server does not have access to iconectiv.com, make sure to delete or comment out the corresponding configuration in dnl_softswitch.conf:

# Iconectiv API account credentials
#iconectiv_user_id = sp_username
#iconectiv_password = sp_password

In most cases, you only need to modify the following lines and can leave the rest at their defaults:

sti_sp_key_path - path to the STI-SP private key used to sign calls.

sti_sp_key_passphrase - passphrase for this key, if it is encrypted.

sti_sp_x5u - URL from which the STI-SP certificate can be downloaded.
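
An added example, not part of the vendor documentation: a Python check for the [shaken] section that flags template placeholder values left in place and key or config files accessible beyond their owner, since the file stores the key passphrase and Iconectiv credentials in cleartext. It assumes the file parses as INI, as the excerpt above does; `audit_shaken`, `too_open` and `demo` are hypothetical names and the sample config is constructed.

```python
import configparser, os, stat, tempfile

# Placeholder values copied from the template shown on this page.
PLACEHOLDERS = {"xxx", "12345678", "sp_username", "sp_password"}
CRED_KEYS = ("sti_sp_key_passphrase", "iconectiv_user_id", "iconectiv_password")

def too_open(path):
    """True if group or other hold any permission bit on path."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

def audit_shaken(conf_path):
    """Return a list of findings for the [shaken] section of conf_path."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' in passphrases literal
    cp.read(conf_path)
    if not cp.has_section("shaken"):
        return ["no [shaken] section found"]
    s, out = cp["shaken"], []
    present = [k for k in CRED_KEYS if s.get(k)]
    if present and too_open(conf_path):
        out.append("config holds " + ", ".join(present) + " but is accessible to group/other")
    out += [f"{k} still has a template placeholder value" for k in present if s[k] in PLACEHOLDERS]
    if s.getboolean("use_builtin", fallback=False):  # page: default is the remote module
        key, x5u = s.get("sti_sp_key_path", ""), s.get("sti_sp_x5u", "")
        if not key or "XXX" in key:
            out.append("sti_sp_key_path is unset or still the template path")
        elif not os.path.isfile(key):
            out.append("sti_sp_key_path does not point to a file")
        elif too_open(key):
            out.append("STI-SP private key is accessible to group/other")
        if not x5u or "XXX" in x5u:
            out.append("sti_sp_x5u is unset or still the template URL")
    return out

def demo():
    """Constructed sample: template values left in place, loose file modes."""
    d = tempfile.mkdtemp()
    key, conf = os.path.join(d, "sti_sp_demo.pem"), os.path.join(d, "dnl_softswitch.conf")
    with open(key, "w") as f:
        f.write("constructed stand-in, not a real key\n")
    with open(conf, "w") as f:
        f.write("[shaken]\nuse_builtin = yes\n# Iconectiv API account credentials\n"
                "#iconectiv_user_id = sp_username\n"
                f"sti_sp_key_path = {key}\nsti_sp_key_passphrase = 12345678\n"
                "sti_sp_x5u = http://certificates.peeringhub.io/XXXXX.crt\n")
    os.chmod(key, 0o644); os.chmod(conf, 0o644)
    return audit_shaken(conf)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against the real file with `audit_shaken("/opt/denovo/dnl_softswitch/conf/dnl_softswitch.conf")`; an empty list means none of these checks fired.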
