[Spce-user] STIR/SHAKEN config.yml sample config?

William Fulton wfulton at thirdhatch.com
Fri Jun 17 15:51:07 EDT 2022


Here is what I currently have and it keeps complaining that it has detected a character than cannot start any token. This would be the locations right before "- name"

stir:
      cache_dir: /var/cache/kamailio/stir/
      cache_expire: 3600
      domains:
        - name: xxx.xxx.com
        private_key: /var/ngcp-config/ssl/stagingPrivShakenKey-prv10.pem
      enable: yes
      expire: 300
      libopt: []

From: William Fulton <wfulton at thirdhatch.com>
Sent: Friday, June 17, 2022 12:24 PM
To: spce-user at lists.sipwise.com
Subject: Re: [Spce-user] STIR/SHAKEN config.yml sample config?

I found this example in the handbook but it does not actually work when I try to apply the config:
stir:
      cache_dir: /var/cache/kamailio/stir/
      cache_expire: 3600
      domains:
      - name: <domain_name>
        private_key: <path_to_a_private_key_related_to_domain>
      enable: yes
      expire: 300
      libopt: []
      shaken:
        attestation_name: verstat
        attestation_values:
          failed: TN-Validation-Failed
          no_validation: No-TN-Validation
          not_present: TN-Validation-Not-Present
          passed: TN-Validation-Passed
          passed_A: TN-Validation-Passed-A
          passed_B: TN-Validation-Passed-B
          passed_C: TN-Validation-Passed-C
      timeout: 5

From: William Fulton <wfulton at thirdhatch.com<mailto:wfulton at thirdhatch.com>>
Sent: Friday, June 17, 2022 11:11 AM
To: spce-user at lists.sipwise.com<mailto:spce-user at lists.sipwise.com>
Subject: [Spce-user] STIR/SHAKEN config.yml sample config?

Hello,

I need some assistance on how to configure the config.yml to use the private key to sign my outbound traffic.

This appears to be the section to edit, but I could really use a sample config to work with.

stir:
      cache_dir: /var/cache/kamailio/stir/
      cache_expire: 3600
      domains: []
      enable: no
      expire: 300
      libopt: []
      shaken:
        attestation_name: verstat
        attestation_values:
          failed: TN-Validation-Failed
          no_validation: No-TN-Validation
          not_present: TN-Validation-Not-Present
          passed: TN-Validation-Passed
          passed_A: TN-Validation-Passed-A
          passed_B: TN-Validation-Passed-B
          passed_C: TN-Validation-Passed-C
      timeout: 5

The inbound portion appears to be straightforward with the Public URL and the check enabled.

Thank you,
BIll
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20220617/20432db8/attachment-0002.html>


More information about the Spce-user mailing list