11-10-2015 03:50 PM - edited 03-17-2019 04:51 AM
I have a Cisco AS-SIP phone and CUCM 10.5. I would like to decrypt the SIP (over TLS) packets that are exchanged between my CUCM 10.5 server and the AS-SIP phone.
How is this done? Is there a guide on how to do this ?
11-10-2015 04:54 PM
Br,
Nadeem
PS:Please rate all useful post.
11-10-2015 05:24 PM
By "be able to see the TLS+SRTP" I assume you mean "be able to see the decrypted TLS" ?
The guide you outlined is actually the one I followed when I googled for this topic. However, I can't get it to work. The list of different certificates on CUCM is long and I'm not sure which certificate to pick. When I go into my Cisco phone's Security settings (CTL FILE) I see that CAPF server is defined as 'CAPF-01b24746' and I was able to find a certificate with the same name in the CUCM certificate list, so that's the one I picked....but again...it doesn't work!
See attached screenshots. What am I doing wrong? As you'll notice the Wireshark version (1.12.8) I'm using has a different UI for the SSL settings and the SSL logfile states:
Wireshark SSL debug log
ssl_load_key: can't import pem data: Base64 unexpected header error.
Also, I don't know the password/pre-shared key for the certificate (if there is one??) I got from the CUCM server.
I am interested in seeing the decrypted SIP messages and RTP payloads in Wireshark.
12-21-2017 02:03 PM
Hi,
I currently have a similar situation and i want to know if you can find the way to load the adequate file. Because i can't find them too
Thank's
Daniel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: