Configure Class 4
The configuration is fully in dnl switch config file right now: /opt/denovo/dnl_softswitch/conf/dnl_softswitch.conf
1
2
[shaken]
3
# Whether to use built-in or remote module. Default: use remote
4
use_builtin = yes
5
6
#
7
# Built-in STIR/SHAKEN module configuration
8
# Ignored if set use_builtin = no
9
#
10
# Iconectiv API account credentials
11
12
iconectiv_user_id = xxx
13
iconectiv_password = xxx
14
15
# Whether to use staging environment (default: use production)
16
# iconectiv_staging = yes
17
18
# Trace HTTP requests to iconectiv API
19
#iconectiv_trace = yes
20
# SHAKEN STI-SP key to sign calls with
21
22
sti_sp_key_path = /opt/denovo/dnl_softswitch/shaken/sti_sp_813T_ec.pem
23
sti_sp_key_passphrase = ENfexxx5MbHxppJV
24
25
# URL to SHAKEN STI-SP certificate to put in PASSporT
26
sti_sp_x5u = http://certificates.peeringhub.io/0axxx0b4d93fdb0e628c577020c73b8a5caff750e7e499f80ee2ab362a3f6a.crt
27
28
# Log all sign requests into a file
29
sti_sp_sign_log = yes
30
31
# Log all verification errors into a file
32
sti_sp_verification_error_log = yes
33
34
# Certificates cache location (default binary path /shaken_cache)
35
#cert_cache_path = /opt/denovo/dnl_softswitch/shaken_cache
36
#
37
# External STIR/SHAKEN module configuration
38
# Ignored if set use_builtin = yes
39
#
40
# Path to PEM certificate file for TLS connections
41
#our_cert_file =
42
# How many times to retry failed requests
43
max_retry = 3
44
# Request timeout
45
req_timeout = 0.5
46
# Connection failures timeout
47
conn_timeout = 10
48
# How often to post status into c4_shaken_status table
49
# Set 0 to disable.
50
status_post_interval = 1
51
# Our bind address for UDP connections
52
our_ip = 176.31.100.14
53
our_port = 15889
54
# Log all incoming and outgoing data (1 - true; 0 - false)
55
enable_trace = 1
56
57
58
Copied!
After you configure the [shaken] section, you need to restart the switch to make it effective.
Configure built-in SHAKEN module in dnl_softswitch.conf (use template from c4v7 stash >= v7.1.2-1),

Explanation of key stir-shaken parameters

[shaken]
Make switch use built-in module instead of external
1
use_builtin = yes
2
Copied!
Path to STI-SP private key for calls signing, and its passphrase (if required)
1
sti_sp_key_path = /opt/denovo/dnl_softswitch/certs/sti_sp_XXX.pem
2
sti_sp_key_passphrase = 12345678
3
Public URL of STI-SP certificate
4
sti_sp_x5u = http://certificates.peeringhub.io/XXXXX.crt
Copied!
Log all signing operations and verification errors
1
sti_sp_sign_log = yes
2
sti_sp_verification_error_log = yes
Copied!
If server does not have access to iconectiv.com, make sure to delete/comment-out the corresponding configuration in the dnl_softswitch.conf:
1
# Iconectiv API account credentials
2
#iconectiv_user_id = sp_username
3
#iconectiv_password = sp_password
Copied!
In most cases, you just need to modify these following lines and leave the rest as default:
sti_sp_key_path - path to their private key to sign calls.
sti_sp_key_passphrase - password for this key, if it's encrypted.
sti_sp_x5u - URL which can be used to download certificates.