I've deployed TCS v7.2.1 with SIP trunk to CUCM v11.5.1.
SIP trunk works fine with standard port 5060.
I followed the admin guide to put it in SIP TLS mode. Took me some time to get the certificate right and get it uploaded on TCS.
On CUCM side the SIP trunk with Secure SIP profile becomes active.
On TCS side the trunk remains inactive.
When making a call from an endpoint registered on CUCM, the call is non-encrypted.
I enabled debugging (-d 2) on the TCS Content Engine service but the logs only show
“Debug: Sending trunk status [ Trunk Status = 4]”.
Anyone managed to get this working?
Indeed I carefully followed each step in the guide.
I had some problems with openssl to combine the cert and the private key in a pfx file.
40533386538520:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:evp_pbe.c:181:
140533386538520:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:87:
140533386538520:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:188:
140533386538520:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:213:
Finally got it working by adding -descert: openssl pkcs12 -inkey privatekey.pem -in SIPTLS_tcs-csr.cer -export -out tcs_sip-cert.pfx -descert.
The certificate loaded on the TCS without errors.
But the SIP trunk on TCS side remains inactive.
I've activated debugging on the TCS Content Engine service (-d 2) but the logs do not show much detail about the problem cause.
I've tried with the self-signed certificate and the problem remained.
Then I changed the server FQDN to its IP address and the trunk became active on TCS side.
But the recording session remained unencrypted. Probably because the endpoint (LSC) did not trust the TCS.
I will test again with the CA-signed certificate and try again. Maybe I need to update the LSCs on all the endpoints too?
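
The PFX export step from the post, wrapped with a check that the private key and certificate belong together and a read-back of the finished container, as an added example that is not part of the original post. The function names, CN and file names are constructed; only the `openssl pkcs12 -export ... -descert` options come from the post.

```shell
#!/usr/bin/env bash
# Added example; function names, file names and CN are constructed.

# Public key (PEM) of a private-key file / of a certificate file.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# build_pfx KEY CERT OUT PASS
# Returns 0 after a verified export, 1 if key and certificate do not
# belong together, 2 if the export or the read-back fails.
build_pfx() {
  local key=$1 cert=$2 out=$3 pass=$4 kpub cpub back
  kpub=$(pub_of_key "$key")   || return 1
  cpub=$(pub_of_cert "$cert") || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] || return 1
  # Same export as in the post; -descert encrypts the certificate with 3DES.
  openssl pkcs12 -export -inkey "$key" -in "$cert" -out "$out" \
    -descert -passout "pass:$pass" 2>/dev/null || return 2
  # Read the certificate back out of the container and compare again.
  back=$(openssl pkcs12 -in "$out" -passin "pass:$pass" -nokeys 2>/dev/null \
         | openssl x509 -noout -pubkey 2>/dev/null) || return 2
  [ "$back" = "$cpub" ] || return 2
}

# Subject of the certificate inside a PFX, i.e. the name a peer is shown.
pfx_subject() {  # PFX PASS
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
    | openssl x509 -noout -subject
}

# Constructed throwaway key and self-signed certificate for a dry run.
make_sample() {  # DIR CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/key.pem" -out "$1/cert.cer" 2>/dev/null
}

# Dry run: ./script.sh demo
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  make_sample "$d" tcs.example.test
  build_pfx "$d/key.pem" "$d/cert.cer" "$d/tcs.pfx" 'constructed-pass' \
    && pfx_subject "$d/tcs.pfx" 'constructed-pass'
  rm -rf "$d"
fi
```

Passing the pass phrase as `pass:...` exposes it in the process list, which is acceptable for a dry run with throwaway material only.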