09-29-2011 04:17 AM - edited 03-21-2019 04:44 AM
Hello,
I am trying to find out how to upload our Root certificate to a SPA phone so we can use TLS for SIP signaling, and therefore have the phone trust our SBC's.
Please advise on how to do this.
Kind regards
Adam
Solved! Go to Solution.
09-30-2011 01:37 PM
If you've submitted a request for a cert to do https provisioning previously, you may already have the combinedca file that does the client auth. Note as per below paragraph states, this is an optional addtional security measure.
When the TLS feature is enabled, the SPA initiates a TLS session to the SBC. The SBC
returns a public certificate to the SPA. The SPA uses this information to create a shared secret
and performs the key exchange with the SBC. The SPA then initiates a session using the
shared secret to encrypt the signaling path to the SBC. As an additional security measure, the
SBC could authenticate the SPA provided the SBC has the correct client root certificate.
09-30-2011 01:37 PM
If you've submitted a request for a cert to do https provisioning previously, you may already have the combinedca file that does the client auth. Note as per below paragraph states, this is an optional addtional security measure.
When the TLS feature is enabled, the SPA initiates a TLS session to the SBC. The SBC
returns a public certificate to the SPA. The SPA uses this information to create a shared secret
and performs the key exchange with the SBC. The SPA then initiates a session using the
shared secret to encrypt the signaling path to the SBC. As an additional security measure, the
SBC could authenticate the SPA provided the SBC has the correct client root certificate.
10-05-2011 02:16 AM
Thank you.
We now have SPA phones working with TLS/sRTP on our network and are enjoying the audio "bling beep" indicating that this is working.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: