8028 SIP Doorphone (G2) FW 3.2
TLS for SIP Signaling and Provisioning
Algo devices that support firmware 1.6.4 or later support Transport Layer Security (TLS).
This feature adds security by ensuring that Algo products can trust the hosted SIP server.
This is useful for when third-party devices or attackers may try to intercept, replicate, or
alter Algo products, and try to connect to the server. TLS protocol will ensure that third
parties cannot read/modify any actual data. Previously security was less of a concern
because phone systems were on isolated networks, but hosted services are becoming
increasingly more common. Using a hosted SIP service requires traffic to be sent over the
public internet and thus much more susceptible to attacks. Signed certificates are an
important piece in the Algo device’s operation, to ensure the security, integrity, and
privacy of its communication. Algo components that use TLS are Provisioning and SIP
Signaling.
These Algo devices each come pre-loaded with certificates from a list of trusted certificate
authorities (CA), which are installed in the hardware at the time of manufacture. Note
these pre-installed trusted certificates are not visible to users and are separate from the
‘certs’ folder.
The TLS handshake happens to make sure that the client and server can trust each other,
and once that trust is established, the two parties can freely send encrypted data and
decrypt any data that they receive. After the TLS handshake process is complete, a TLS
session is established, and the server and client can then exchange messages that are
symmetrically encrypted with shared (pre-master) secret key.
For further details reference the Algo TLS guide for SIP Signalling and HTTPS
Provisioning.
Uploading Public CA Certificates to Algo SIP Endpoints
To install the public CA certificate on the Algo 8028, follow the steps below:
1. Obtain a public certificate from your Certificate Authority (any valid X.509 format
certificate can be accepted).
2. In the web interface of the Algo device, navigate to the System -> File Manager
tab.
3. Upload the certificate files into the 'certs/trusted' directory. Click the Upload
button in the top left corner of the file manager and browse to the certificate.
For SIP TLS and Provisioning TLS, the default public CA certificates are used.
Alternatively any valid X.509 format certificate is supported.
Document 90-00104
05/21/2020
Page 19
Algo Communication Products Ltd
4500 Beedie St Burnaby BC Canada V5J 5L2
www.algosolutions.com
(604) 454-3792
support@algosolutions.com
To Next Page
