STIR/SHAKEN Signing Certificates
This configuration section defines the certificates and private keys used for the Identity Signing procedure.
Attributes
- Name
- A user-friendly name for the signing certificate.
- Certificate
- The certificate in PEM format. The certificate must use the
ecdsa-with-SHA256signature algorithm. - Private Key
- The corresponding ECDSA private key in PEM format.
- X5U
- The X5U parameter for the Identity header. The URL in X5U must point to your certificate and be publicly accessible. Remote systems will use this URL to fetch your certificate during their own Identity validation procedure.
TIP
A STIR/SHAKEN certificate is required to include the tn_auth_list extension. Therefore, if you plan to test STIR/SHAKEN signing using a self-signed certificate, make sure your certificate contains this extension. For detailed instructions, see: https://blog.opensips.org/2022/10/31/how-to-generate-self-signed-stir-shaken-certificates/