11-10-2015 03:50 PM - edited 03-17-2019 04:51 AM
I have a Cisco AS-SIP phone and CUCM 10.5. I would like to decrypt the SIP (over TLS) packets that are exchanged between my CUCM 10.5 server and the AS-SIP phone.
How is this done? Is there a guide on how to do this ?
11-10-2015 04:54 PM
Br,
Nadeem
PS:Please rate all useful post.
11-10-2015 05:24 PM
By "be able to see the TLS+SRTP" I assume you mean "be able to see the decrypted TLS" ?
The guide you outlined is actually the one I followed when I googled for this topic. However, I can't get it to work. The list of different certificates on CUCM is long and I'm not sure which certificate to pick. When I go into my Cisco phone's Security settings (CTL FILE) I see that CAPF server is defined as 'CAPF-01b24746' and I was able to find a certificate with the same name in the CUCM certificate list, so that's the one I picked....but again...it doesn't work!
See attached screenshots. What am I doing wrong? As you'll notice the Wireshark version (1.12.8) I'm using has a different UI for the SSL settings and the SSL logfile states:
Wireshark SSL debug log
ssl_load_key: can't import pem data: Base64 unexpected header error.
Also, I don't know the password/pre-shared key for the certificate (if there is one??) I got from the CUCM server.
I am interested in seeing the decrypted SIP messages and RTP payloads in Wireshark.
12-21-2017 02:03 PM
Hi,
I currently have a similar situation and i want to know if you can find the way to load the adequate file. Because i can't find them too
Thank's
Daniel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide