Verification Server
STIR/SHAKEN Verification Server (STI-VS)
Note: Brekeke SIP Server Premium Edition is required.
1. Enable the STI-VS function
In the [STIR/SHAKEN VS] > [STI-VS Settings] page, set [On/Off] to “on”.
2. Import STI-CA Root certificates
In the [STIR/SHAKEN VS] > [STI-VS Settings] page, export the file at the [Root Certs File].
Supported file formats are PEM, JKS and PKCS#12.
3. Enable the Event log (Optional)
In the [STIR/SHAKEN VS] > [STI-VS Settings] page, set [Event Log] to “on”.
4. Enable the Debug log (Optional)
In the [Diagnostics] > [Debug Logs] page, check the [STIR/SHAKEN] category and click [Update].
5. Add the DialPlan rule
5-1. Reject if no Identity header.
By default, the SIP server doesn’t reject an INVITE even if it doesn’t have an Identity header, in accordance with ATIS’s recommendation.
The following example returns a “603” response if the INVITE doesn’t have an Identity header.
Example:
[Matching Patterns]
$request = ^INVITE
$sti_vs.result = 1
[Deploy Patterns]
$response = 603
5-2. Verify an INVITE
To verify an incoming INVITE, use the DialPlan functions under the $sti_vs class.
The following rule examines the Identity header, the caller’s certificates and their freshness.
If there are any issues, a reject response is returned to the caller automatically.
Example:
[Matching Patterns]
$request = ^INVITE
$sti_vs.verify = ^false
[Deploy Patterns]
$action = sti_vs.reject
5-3. Get the attest
The following example returns a “603” response if the attest is C.
Example:
[Matching Patterns]
$request = ^INVITE
$sti_vs.attest = C
[Deploy Patterns]
$response = 603
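When troubleshooting why the rules in 5-2 and 5-3 matched, it helps to look inside the Identity header yourself. The following added example (not Brekeke code, and not how the server implements $sti_vs) decodes an Identity header value and reports the attest level and iat freshness. It does not check the signature or certificate chain. The 60-second window, the function names and the sample header are assumptions constructed for illustration.

```python
import base64
import json
import time

MAX_AGE_SECONDS = 60  # assumed freshness window, not a Brekeke setting

def _decode(segment):
    """Decode one base64url PASSporT segment into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_identity(attest="C", iat=1700000000):
    """Constructed sample: dummy signature, example.test URL, fictional numbers."""
    url = "https://cert.example.test/sp.pem"
    jose = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": url}
    claims = {"attest": attest, "dest": {"tn": ["12025550101"]}, "iat": iat,
              "orig": {"tn": "12025550100"}, "origid": "constructed-origid"}
    return f"{_encode(jose)}.{_encode(claims)}.c2ln;info=<{url}>;alg=ES256;ppt=shaken"

def inspect_identity(header_value, now=None):
    """Decode an Identity header value; signature and cert chain are NOT checked."""
    now = time.time() if now is None else now
    token, _, param_str = header_value.strip().partition(";")
    params = {}
    for item in param_str.split(";"):
        key, sep, value = item.strip().partition("=")
        if sep:
            params[key.lower()] = value.strip('<>"')
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("PASSporT needs three dot-separated segments")
    jose, claims = _decode(parts[0]), _decode(parts[1])
    problems = []
    if jose.get("ppt") != "shaken" or params.get("ppt") != "shaken":
        problems.append("not a SHAKEN PASSporT")
    if jose.get("x5u") != params.get("info"):
        problems.append("x5u differs from info parameter")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("missing or invalid attest")
    iat = claims.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > MAX_AGE_SECONDS:
        problems.append("stale or missing iat")
    return {"attest": claims.get("attest"), "orig": claims.get("orig"),
            "problems": problems}

if __name__ == "__main__":
    print(inspect_identity(sample_identity(), now=1700000030))
```

Paste the Identity header value from a captured INVITE into inspect_identity() to see which claim a DialPlan rule reacted to; an empty problems list here says nothing about signature validity.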