How to Apply for a STIR/SHAKEN Certificate: A Step-by-Step Guide for VoIP and Telecom Operators

Anne Kwong November 01, 2025



In today’s telecom environment, caller ID spoofing and robocalls have eroded customer trust. To restore confidence in voice communications, the Federal Communications Commission (FCC) mandated the implementation of STIR/SHAKEN, a framework that verifies caller identity across networks.

If your company provides VoIP, SIP trunking, or wholesale termination services, implementing STIR/SHAKEN is not optional—it’s a compliance requirement. This means obtaining a STIR/SHAKEN certificate from an authorized STI Certificate Authority (CA).

In this article, we’ll cover everything you need to know about how to apply for a STIR/SHAKEN certificate — from eligibility to setup and renewal — so your business can stay compliant and maintain call trustworthiness.

What Is STIR/SHAKEN?

STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) work together to authenticate caller identity using digital certificates.

Here’s how it works:

  1. The originating service provider signs each call with a digital token issued by a trusted STI Certificate Authority.

  2. This token is attached to the SIP INVITE and sent along the call path.

  3. The terminating carrier verifies the signature using public keys published by the CA.

  4. If the verification passes, the call displays as “Verified” on the receiver’s device.

This ensures that when someone receives a call, the caller ID they see actually belongs to the caller — dramatically reducing spoofing and fraud.

Why a STIR/SHAKEN Certificate Is Essential

Without a STIR/SHAKEN certificate, your outbound calls may be flagged as spam, downgraded, or blocked by terminating carriers and analytics providers.

By obtaining a valid STI certificate, you:

  • Authenticate your outbound calls per FCC and ATIS/SIP Forum standards.

  • Prevent your calls from being marked as spam or scam.

  • Improve answer rates and call reputation.

  • Demonstrate compliance and transparency to regulators.

  • Build trust with other carriers and partners.

Whether you’re a CLEC, ITSP, cloud PBX provider, or VoIP wholesaler, having a STIR/SHAKEN certificate is now fundamental to doing business in U.S. telecom.

Step 1: Verify Your Eligibility

Before applying, ensure your company meets the FCC’s STIR/SHAKEN eligibility criteria set by the STI Policy Administrator (STI-PA), currently managed by iconectiv.

You must:

  1. Have a valid Operating Authority (e.g., FCC license, 499A filer ID, or state-issued authorization).

  2. Have direct access to telephone numbers under the North American Numbering Plan (NANP).

  3. Be a recognized voice service provider in the United States.

If you are an international provider or VoIP reseller without direct numbering authority, you can still participate through delegated certificates issued by a registered STI-CA such as Peeringhub.io.

Step 2: Register with the STI Policy Administrator (STI-PA)

All legitimate service providers must first register with the STI-PA before they can obtain certificates.

Here’s how:

  1. Visit https://sti-pa.iconectiv.com.

  2. Create an account and submit your company’s credentials.

  3. Provide documentation such as:

    • FCC 499A filer ID

    • OCN (Operating Company Number)

    • Legal company name and contact information

  4. Await approval (usually within 1–2 business days).

Once approved, your company will appear on the official Authorized Provider List, making you eligible to obtain STIR/SHAKEN certificates.

Step 3: Choose a STIR/SHAKEN Certificate Authority (STI-CA)

After STI-PA approval, you can apply for your certificate through a trusted Certificate Authority.

Some popular STI-CAs include:

  • Peeringhub.io – Affordable and fast issuance, ideal for VoIP resellers and small carriers.

  • Neustar (TransUnion) – Longstanding provider used by large networks.

  • netnumber.id – Common among Tier 1 operators.

  • Iconectiv – The official STI-PA and also a CA.

When selecting a CA, consider:

  • Pricing and renewal frequency (Peeringhub.io offers cost-effective annual plans).

  • API availability for automated signing.

  • Support for delegated attestation (useful if you’re signing on behalf of another entity).

  • Ease of integration with your softswitch or SBC.

Step 4: Apply for Your STIR/SHAKEN Certificate

Once you’ve chosen your CA, you’ll go through a simple verification and issuance process:

  1. Provide your STI-PA approval token (proof you’re authorized).

  2. Submit business details such as your company name, contact person, and address.

  3. Select your certificate type:

    • A-Level – Full attestation: you own the number and have direct customer relationship.

    • B-Level – Partial attestation: you know the customer but not number ownership.

    • C-Level – Gateway attestation: you can’t verify the origin but know it’s valid.

  4. Sign a subscriber agreement and pay any required fee.

  5. Receive your STI certificate, usually in PEM format.

Providers like Peeringhub.io issue certificates in as little as a few minutes once verification is complete.

Step 5: Integrate the Certificate into Your VoIP System

After receiving your certificate, integrate it into your SIP softswitch, SBC, or cloud PBX platform.

If you use software like Denovolab, Kamailio, FreeSWITCH, or OpenSIPS, you’ll need to:

  • Install the certificate and private key.

  • Configure the STI-AS (Authentication Service) to sign outbound calls.

  • Implement the STI-VS (Verification Service) to validate inbound calls.

  • Test with known endpoints to confirm proper PASSporT header signing.

If you prefer a simpler approach, Peeringhub.io and other modern CAs provide cloud-based signing APIs, meaning you can delegate the signing process without managing cryptographic material locally.

Step 6: Keep Your Certificate Current

STIR/SHAKEN certificates generally expire after 12 months, so timely renewal is essential.

In addition to renewing your certificate, you should:

  • Keep your STI-PA registration active.

  • Update your FCC filings (Form 499A) annually.

  • Maintain accurate attestation policies to ensure your calls are properly classified (A, B, or C).

Failure to renew or maintain compliance can cause your calls to lose authentication and potentially be blocked by terminating carriers.

Step 7: Monitor and Maintain Your Call Reputation

After deployment, continuous monitoring is vital. Tools like Telcomdata.us and Denovolab Softswitch let you:

  • Track which calls are signed and verified.

  • Monitor attestation levels (A/B/C).

  • Detect issues with call verification or carrier interoperability.

  • Keep your call traffic reputation healthy.

Your goal should be to maintain consistent A-level attestation and avoid traffic patterns that trigger analytics-based blocking.

Conclusion

Applying for a STIR/SHAKEN certificate may seem technical at first, but the process is straightforward once you understand the requirements.

Here’s a quick recap:

  1. Verify eligibility with the FCC and STI-PA.

  2. Register with the STI Policy Administrator (iconectiv).

  3. Choose an authorized CA such as Peeringhub.io.

  4. Apply and obtain your certificate.

  5. Integrate and maintain it in your SIP infrastructure.

  6. Renew annually to stay compliant.

Implementing STIR/SHAKEN not only ensures FCC compliance, but also boosts your call trustworthiness and customer satisfaction.

If you’re ready to apply for your STIR/SHAKEN certificate or want help setting it up, visit Peeringhub.io — a certified STI-CA offering fast, affordable, and FCC-compliant STIR/SHAKEN certificates for telecom providers of all sizes.

Tags:

Post a Comment

0 Comments