HOWTO Enable TLS Encryption

This HowTo for TLS and SRTP expects that you already have certificate files. For Yealink you can generate self-signed certificates, but for Polycom (and probably Cisco) you will have to obtain a certificate from a certificate authority. Also, to set up Polycom and Cisco devices you will have to contact their support, as we haven't tested SRTP with these devices.

To set up your system to use TLS encryption, several things have to be done:

Server Settings

  • Navigate to: Settings ---> Protocols ---> SIP ---> enable TLS
  • Create an asterisk.pem file which consists of the private key and the certificate. For pem files please check this link
  • Open terminal and enter:
ssh root@PBXWARE_IP -p2020

(replace PBXWARE_IP with the server's IP address, and enter the root password when prompted)

  • Copy the asterisk.pem file into the directory: /opt/pbxware/pw/etc/asterisk/
  • Open the Asterisk CLI with the command:
asterisk -rvvv
  • Restart Asterisk with the command:
restart now
  • Open the Asterisk CLI again and execute the command:
pjsip show transports

to make sure TLS is enabled

  • In your PBXware GUI, go to Extensions, edit the extension you will use for testing, click Show advanced options and scroll down to the Network Related section. In the Transport field, disable UDP and select TLS.
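
For the asterisk.pem step above, one way to build and sanity-check the file before copying it to the server. This is an added example, not part of the original HowTo or of PBXware; the input names server.key and server.crt are assumptions, and the key is assumed to be an unencrypted PEM key.

```sh
#!/bin/sh
# Added example (not PBXware code). Input file names are assumptions.

# SHA-256 of the public key derived from an unencrypted PEM private key.
key_pub_hash() {
    openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a PEM certificate.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256 | awk '{print $NF}'
}

# build_asterisk_pem KEY CERT OUT
# Writes OUT (private key followed by certificate) only if both files parse,
# the certificate has not expired, and the key belongs to the certificate.
build_asterisk_pem() {
    bap_key=$1; bap_cert=$2; bap_out=$3
    openssl pkey -in "$bap_key" -noout 2>/dev/null ||
        { echo "cannot parse private key: $bap_key" >&2; return 1; }
    openssl x509 -in "$bap_cert" -noout 2>/dev/null ||
        { echo "cannot parse certificate: $bap_cert" >&2; return 1; }
    openssl x509 -in "$bap_cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $bap_cert" >&2; return 1; }
    [ "$(key_pub_hash "$bap_key")" = "$(cert_pub_hash "$bap_cert")" ] ||
        { echo "private key does not match certificate" >&2; return 1; }
    # The file holds the private key: create it unreadable to other users.
    # The echo guards against a key file that lacks a trailing newline.
    ( umask 077; { cat "$bap_key"; echo; cat "$bap_cert"; } > "$bap_out" ) || return 1
    chmod 600 "$bap_out"
}

# Usage, run where server.key and server.crt live (assumed names):
#   build_asterisk_pem server.key server.crt asterisk.pem &&
#     scp -P 2020 asterisk.pem root@PBXWARE_IP:/opt/pbxware/pw/etc/asterisk/
```

If Asterisk on your system runs as a non-root user, give that user ownership of the file rather than loosening its mode.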

Yealink Phone Settings

To set up a Yealink device to use SSL, open the device's web interface in your browser and navigate to Security -> Trusted Certificates

  • Set Only Accept Trusted Certificates to Disabled
  • Click the Browse button next to Load trusted certificates file, select your certificate file (ca.crt) from your disk and click the upload button. After the certificate is uploaded to your device, it should be displayed in the list.
  • Click the Confirm button.
  • In the Account tab, Transport must be set to TLS
  • Restart your device and test whether you are able to make a call.

SRTP

Server Settings

Make sure that Encryption is set under Extension ---> Advanced options ---> Network Related ---> Encryption: Offer if possible (TLS only)

Yealink Phone Settings

  • In your phone's web interface, go to the Account tab
  • Select the account you're using to register with PBXware and click Advanced in the right panel.
  • Scroll down to Voice Encryption (SRTP) and select Enabled
  • Click the Confirm button to save your changes.