1. Bicom Systems
  2. Solution home
  3. PBXware
  4. HOWTOs

General :: HOWTO Enable TLS Encryption

HOWTO Enable TLS Encryption

This HowTo for TLS and SRTP expect that you already have certificate files. 

For Yealink you can generate self signed certificates, but for Polycom (and probably Cisco) you will have to obtain certificate from certificate authorities. 

Also, for setting up Polycom and Cisco devices, you will have to contact their support, as we haven't tested SRTP with these devices.

To set up your system to use TLS encryption there are several things that have to be done:

Server Settings

  • Navigate to: Settings ---> Protocols ---> SIP ---> TLS Settings ---> Enable TLS: Yes

Once that is done, we need to restart asterisk.

  • Open terminal and enter:
    ssh root@PBXWARE_IP -p2020

    (replace PBXWARE_IP with server ip address, and use root password to authenticate on prompt)

  • Access asterisk using command:
    asterisk -rvvvvv

  • Restart asterisk using command:
    restart now
  • Access asterisk again and execute command:
    pjsip show transports
    to make sure TLS is enabled

  • In your PBXware GUI, go to Extensions, edit extension you will use for the testing, click Show advanced options and scroll down to Network Related section. In transport field, disable UDP and select TLS.

Yealink Phone Settings

To set up Yealink device for using SSL, open your device web interface in your browser and navigate to Security -> Trusted Certificates

  • Set Only Accept Trusted Certificates to Disabled
  • Click Browse button next to Load trusted certificates file, select your certificate file (ca.crt) from your disk and click upload button. After certificate is uploaded to your device it should be displayed in the list.
  • Click Confirm button.
  • In the Account tab, Transport must be set to TLS
  • Restart your device and test if you are able to make the call.


Server Settings

Make sure that Encryption is set under Extension ---> Advanced options ---> Network Related ---> Encryption: Offer if possible (TLS only)

Yealink Phone Settings

  • In your phones web interface, go to Account tab
  • Select Account you're using to register with PBXware and click Advanced in the right panel.
  • Scroll down to Voice Encryption (SRTP) and select Enabled
  • Click Confirm button to save your changes.