How to Configure Secure SIP – TLS
Ozeki Phone System supports TLS to make SIP communication secure. This guide explains in detail how to set up Ozeki Phone System with Secure SIP (TLS) so that the SIP messaging is encrypted. You will see how to create certificates with SimpleCA, how to use Microsoft's built-in importer for trusted certificates, and finally how to configure IP phones to communicate over SIP securely.
Prerequisites
First of all, download and install Ozeki Phone System, then download and extract SimpleCA to C:\SimpleCA\. Creating and validating certificates depends on the system clock, so make sure the date and time are set correctly in the Control Panel.
Step 1) Creating certificates and keys
Start SimpleCA by running the SimpleCA.exe file. You need to set up a root CA. Select your country and organization, enter the new username and password, then click OK.
In the Server Certificates menu choose New Server Certificate Request.
Enter your country, state or province name, locality name, organization, organization unit and e-mail address, and set the common name field to the IP address on which Ozeki Phone System will listen for incoming TLS connection requests. Once done, click OK. If you provide a domain name instead of the IP address, you need to give this domain name (not the IP address) when you register your softphone to the PBX. You will be prompted to save this (unsigned) certificate.
Then give a name for the Certificate Signing Request.
In the Server Certificates menu choose Sign Server Certificate Request and select the previously created .csr file.
Check the given data and click OK to proceed to the next step.
Enter the same password you used when you created the root CA.
SimpleCA will generate a pair of files: the security certificate (with .crt extension) and its private key (with .key extension). Keep the .key file private, because anyone who holds it can present this certificate as their own.
Step 2) Configuring Ozeki Phone System with TLS
After you have created the certificates, you need to enable TLS in your PBX settings and add the created certificates as well.
First open your PBX, then select the PBX Features menu at the top of the web page and select Preferences.
Now tick the Use TLS transport type checkbox, enter in the Secure SIP Service port textbox the port number on which the PBX will receive secure connections, and click the OK button.
Now select the TLS certificates menu on the left side of the web page, then click the Add button.
Here, you need to specify the IP address on which the certificate will be used. If the ANY ADDRESS option is selected, the opened certificate will be used on every network interface where no other certificate is in use. In the .crt textbox you need to specify the path of the previously created .crt file (e.g. 192.168.115.174.crt), while in the Private key textbox you need to specify the path of the .key file (e.g. 192.168.115.174.key).
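The files from Step 1 can be checked from a command line before they are loaded into the PBX. The script below is an added example, not part of the original guide or of Ozeki or SimpleCA tooling: it checks the common name, expiry, signature by ca.crt and the .crt/.key pairing. It assumes the OpenSSL command-line tool is available (for example in Git Bash or WSL) and an unencrypted .key file; the function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of certificate files before they go into the PBX.
# make_demo_pki and check_sip_cert are hypothetical helper names.

# Build a constructed CA + server certificate that stands in for SimpleCA output.
make_demo_pki() {  # args: output-dir common-name
  d=$1; name=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/$name.crt" 2>/dev/null
}

# Prints OK, or the first failed check, and returns non-zero on failure.
check_sip_cert() {  # args: ca.crt server.crt server.key expected-address
  ca=$1; crt=$2; key=$3; want=$4
  # 1. Common name must equal the address the softphones will register to.
  cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= //p')
  [ "$cn" = "$want" ] ||
    { echo "FAIL name: CN is '$cn', clients use '$want'"; return 1; }
  # 2. Not expired according to this machine's clock.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL expired"; return 1; }
  # 3. Verifies against the root that client PCs import (ca.crt).
  #    This also rejects a certificate that is not yet valid.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL chain: does not verify against $ca"; return 1; }
  # 4. The .key file belongs to this .crt (compare the public keys).
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)" ] ||
    { echo "FAIL key: private key does not match certificate"; return 1; }
  echo OK
}

# Demo on constructed files; for real use pass the SimpleCA files and PBX address.
demo=$(mktemp -d) && make_demo_pki "$demo" 192.168.115.174
check_sip_cert "$demo/ca.crt" "$demo/192.168.115.174.crt" \
  "$demo/192.168.115.174.key" 192.168.115.174
rm -rf "$demo"
```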
Step 3) Configuring the client PC (on which the softphone is installed)
Now, you need to register your own phone certificate on the machine where your softphone is installed. Open the main directory of your SimpleCA software, find the ca.crt file (not the 192.168.115.174.crt file) and double-click on it.
Click the Install Certificate... button to enable this certificate.
Click the Next button.
Then select Place all certificates in the following store and click the Browse button.
In the next window, select Trusted Root Certification Authorities as the store to be used. Then click the OK and Next buttons.
The certificate will be imported after you click the Finish button.
In the next window, click the Yes button to confirm the installation of this certificate.
Step 4) Configuring Bria and 00_OzekiDemoSoftphoneWPF to use TLS
In your Bria client go to File -> Account Settings, then select an account and click Edit. On the Account tab, modify the Proxy Address. The port number should be 5061 by default.
Go to the Security tab and select TLS as the signaling transport. Finally, click OK.
The following figure shows how to set up 00_OzekiDemoSoftphoneWPF (http://www.voip-sip-sdk.com/) to use TLS. You need to provide the SIP account data and the IP address or domain name that you provided when you created the certificate, and you need to select the Tls transport type.
Conclusion
This guide explained how to set up TLS in your Ozeki Phone System. You have seen how to create certificates and keys, how to apply them in Ozeki PBX, and how to configure your softphone to use TLS for communication.
If you have any questions or need assistance, please contact us at info@ozekiphone.com