How to enable TLS + SRTP

Deploying TLS for devices that can be provisioned by uniteme/sipxcom (such as Polycom phones) is as easy as setting the transport to TLS in Line->Registration.



To enable TLS on clients that are not provisioned by uniteme (such as Zoiper), when you are using a self-signed certificate (the default SIP certificate used by sipxcom/uniteme) and the client doesn't offer the option to import it automatically, you first need to copy the Certificate Authority from System ---> Certificates, as shown in the screen below, and then paste it into a text file renamed to cert.pem.


After importing the Certificate Authority you will need to set the transport to TLS.



Once the transport has been changed to TLS, you can verify this by looking on the registration page for the "transport=tls" option.

 



Enabling SRTP


For provisioned phones go to the Phone Settings page --> Security tab and enable SRTP:





For Zoiper you need to manually select SRTP as on the screen below (TLS with SDES SRTP).


The next step to verify that your communications are secure is to take a packet capture, either by port mirroring at the switch level if you are using only hard phones, or by launching a Wireshark capture on the PC where the softphone is installed.
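One way to check such a capture offline, as an added example (not part of the original page or of sipxcom/uniteme): a short Python script that reads a capture saved in classic pcap format (not pcapng) and counts readable SIP messages, cleartext RTP/AVP offers and TLS records. The SIP ports 5060/5061, the addresses and the two sample captures are assumptions constructed for illustration.

```python
import struct

SIP_MARKERS = (b"SIP/2.0", b"REGISTER sip:", b"INVITE sip:")

def payloads(pcap):
    """Yield TCP/UDP payloads from a classic pcap (Ethernet, IPv4)."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                    # skip pcap global header
    while off + 16 <= len(pcap):
        (incl_len,) = struct.unpack_from(endian + "I", pcap, off + 8)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # truncated or not IPv4
        ip = frame[14:14 + struct.unpack_from("!H", frame, 16)[0]]
        l4 = ip[(ip[0] & 0x0F) * 4:]
        if ip[9] == 17:                         # UDP: 8-byte header
            yield l4[8:]
        elif ip[9] == 6 and len(l4) >= 20:      # TCP: data offset in words
            yield l4[(l4[12] >> 4) * 4:]

def audit(pcap):
    """Count readable SIP, cleartext RTP offers and TLS records."""
    seen = {"plaintext_sip": 0, "rtp_avp_offer": 0, "tls_records": 0}
    for data in payloads(pcap):
        if any(m in data for m in SIP_MARKERS):
            seen["plaintext_sip"] += 1
            if b" RTP/AVP " in data:            # SDES SRTP offers RTP/SAVP
                seen["rtp_avp_offer"] += 1
        elif len(data) > 2 and 20 <= data[0] <= 23 and data[1] == 3:
            seen["tls_records"] += 1            # record type, major version 3
    return seen

# Constructed sample captures (not real traffic): one packet each.
def _packet(proto, payload):
    if proto == 17:   # UDP 5060 -> 5060
        l4 = struct.pack("!HHHH", 5060, 5060, 8 + len(payload), 0)
    else:             # TCP 40000 -> 5061, PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", 40000, 5061, 0, 0, 0x50, 0x18, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
INVITE = b"INVITE sip:200@example.test SIP/2.0\r\n\r\nm=audio 30000 RTP/AVP 0 8\r\n"
BEFORE = PCAP_HEADER + _packet(17, INVITE)                  # cleartext SIP
AFTER = PCAP_HEADER + _packet(6, b"\x17\x03\x03\x00\x20" + b"\x00" * 32)  # TLS record
```

With TLS and SRTP enabled, a capture of a registration and a call should leave plaintext_sip and rtp_avp_offer at zero while tls_records is non-zero.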




Note: Polycom does not support wild-card certificates
