Hello!
Configuring the refactored STIR/SHAKEN module in Asterisk 20.14.1, here’s my config, outbound calls only. How do I verify calls are getting signed?
[attestation]
global_disable=no
private_key_file=/etc/asterisk/certs/XXX.key
public_cert_url=https://XXX/XXX.crt
attest_level=A
[test_profile]
type=profile
endpoint_behavior=attest
In pjsip config I have:
stir_shaken=yes
stir_shaken_profile=test_profile
Thanks for any help 
When I look at the endpoing in the CLI, it shows stir_shaken set to “no”, regardless of the pjsip setting for the endpoint:
stir_shaken : no
stir_shaken_profile : test_profile
When I run stir_shaken show profiles from the CLI it does show the appropriate profile.
This seems to be the root of my problem, but everything seems in order. Confused. Thanks for any insights!
Edit: I found a note that said stir_shaken_profile is used instead of stir_shaken so perhaps this isn’t where I need to be looking.
I needed this option in my profile:
unknown_tn_attest_level=A
Yeah, you need to set that option if you don’t have any specific “tn” objects that match the caller-id. You can check to see if the INVITE contains an Identity header by issuing teh following CLI commands: pjsip set logger method INVITE then pjsip set logger host <dest_ip_address>.