Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            1. Bicom Systems
            2. Solution home
            3. PBXware
            4. HOWTOs

            General :: HOWTO Enable TLS Encryption

            Emir Mujkanovic
            Modified on: Sat, 16 Mar, 2024 at 6:54 PM

            HOWTO Enable TLS Encryption

            This HowTo for TLS and SRTP expect that you already have certificate files. 

            For Yealink you can generate self signed certificates, but for Polycom (and probably Cisco) you will have to obtain certificate from certificate authorities. 

            Also, for setting up Polycom and Cisco devices, you will have to contact their support, as we haven't tested SRTP with these devices.

            To set up your system to use TLS encryption there are several things that have to be done:

            Server Settings

            • Navigate to: Settings ---> Protocols ---> SIP ---> TLS Settings ---> Enable TLS: Yes




            Once that is done, we need to restart asterisk.


            • Open terminal and enter:
              ssh root@PBXWARE_IP -p2020

              (replace PBXWARE_IP with server ip address, and use root password to authenticate on prompt)


            • Access asterisk using command:
              asterisk -rvvvvv

            • Restart asterisk using command:
              restart now
            • Access asterisk again and execute command:
              pjsip show transports
              to make sure TLS is enabled



            • In your PBXware GUI, go to Extensions, edit extension you will use for the testing, click Show advanced options and scroll down to Network Related section. In transport field, disable UDP and select TLS.

            Yealink Phone Settings

            To set up Yealink device for using SSL, open your device web interface in your browser and navigate to Security -> Trusted Certificates

            • Set Only Accept Trusted Certificates to Disabled
            • Click Browse button next to Load trusted certificates file, select your certificate file (ca.crt) from your disk and click upload button. After certificate is uploaded to your device it should be displayed in the list.
            • Click Confirm button.
            • In the Account tab, Transport must be set to TLS
            • Restart your device and test if you are able to make the call.

            SRTP

            Server Settings

            Make sure that Encryption is set under Extension ---> Advanced options ---> Network Related ---> Encryption: Offer if possible (TLS only)

            Yealink Phone Settings

            • In your phones web interface, go to Account tab
            • Select Account you're using to register with PBXware and click Advanced in the right panel.
            • Scroll down to Voice Encryption (SRTP) and select Enabled
            • Click Confirm button to save your changes.

            Articles in this folder

            You may like to read

            Preview
            0 of 0