02-07-2018 11:44 AM - edited 03-18-2019 01:51 PM
From what I have read CUBE always performs mutual authentication with SIP-TLS. From what I can see however, there is only a single trustpoint referenced in the 'crypto signaling' command under sip-ua. This implies that both sides must have a certificate signed by the same CA. Is it possible to have both sides have certificates signed by two different 3rd-party CAs?
The case I am dealing with is our CUBE's certificate would be signed by our certificate provider (GoDaddy for example), and the carrier's (Intelepeer) would be signed by whoever they use.
Also, we are only doing SIP-TLS/SRTP from the CUBE to carrier, and not between the CUBE and UCM.
UCM--LAN(SIP/RTP)-->CUBE--INTERNET(SIP-TLS/SRTP)-->ITSP
-Thanks
Solved! Go to Solution.
02-15-2018 01:20 PM
02-07-2018 11:53 AM
02-07-2018 11:56 AM - edited 02-07-2018 11:57 AM
Ok thanks,
Also worth mentioning, we are deploying a standalone CUBE; not an HA pair.
-Thanks
02-07-2018 12:05 PM
02-07-2018 12:44 PM - edited 02-07-2018 01:08 PM
Thanks for the reply,
I would prefer to not use self-signed certificates if possible for security reasons. I would still have the same situation however; the ITSP would need to import my cert, and I would need to import their cert; and somehow the router know which is used for what.
I found a Cisco document that I am trying to follow, and I may be just misunderstanding the configuration example:
I understand that the CSR is generated on the router, and the intelepeer certificates are imported. I also see where the router is configured to authenticate signaling received from Intelepeer with the IntelepeerCA trustpoint via the"crypto signaling remote-addr 68.68.123.103 255.255.255.255 trustpoint intelpeerCA" command. However, I am failing to see where the router is instructed to use it's own certificate (the tekvlabsCA trustpoint in the example) in order to authenticate to Intelepeer.
02-07-2018 02:52 PM
02-15-2018 01:20 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide