Deploying TLS for devices that can be provisioned by openUC uniteme/sipxcom (like polycom Polycom phone) is as easy as just setting the transport to TLS in Line->Registration.
To enable TLS on clients that are not provisioned (Zoiper) by openUC uniteme in the case you are using a self signed certificate (default SIP certificate used by sipxcom/openUCuniteme) and if the client doesn’t offer the option to import it automatically you will need to first copy Certificate Authority from System ---> Certificates as shown in below screen and then paste it in a txt file renamed as cert.pem
After importing Certificate Authority you will need to set transport to TLS .
Once the transport was changed to TLS one can simply verify this by looking on the registration page for “”transport=tls”” option.
For provisioned phones go to phone settings Phone Settings page --> security Security tab and enable SRTP:
For Zoiper you need to manually select SRTP like on below screen (TLS with SDES SRTP)
Next step to verify that your communications are secure will be to take a packet capture either by port mirroring on switch level if you are using just hard phones or launching a wireshark Wireshark capture on the PC where softphone is installed
Note: Polycom does not support wild-card certificates