AudioCodes 445HD - Configuring SIP TLS; Server Certificate Validation for Secured HTTPS Communications over SSL; Table 7-4: SIP-Over-TLS Parameters; Table 7-5: Server Certificate Validation for Secured HTTPS Communications over SSL

AudioCodes 445HD

242 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Administrator's Manual 7. Configuring Security

Version 3.4.3 157 400HD Series IP Phones

7.3 Configuring SIP TLS

This section shows how to manage Transport Layer Security (TLS) and certificates. TLS is

a cryptographic protocol which provides communication security over the transport layer

(TCP). TLS is used to secure the phone's SIP signaling connections. Typically, TLS protocol

uses Private and Public keys for authentication. A Certification Authority (CA) performs

authentication. Full protocol specification is updated in RFC 5246.

Note: Before you can connect to a TLS server, you need to make sure the same

certificate and Trusted Root CA are loaded to the phone and to the TLS server.

 To configure TLS for the phone-server SIP connection:

• Use the table as reference.

Table 7-4: SIP-over-TLS Parameters

Parameter Description

voip/signalling/sip/transport_protocol Specifies the SIP Transport protocol.

• If using the 'sip' prefix, set to 'TLS'

•

If using the 'sips' prefix, set to 'TCP'

voip/signalling/sip/tls_port Defines the local TLS SIP port for SIP messages.

Range:1024 - 65535. Default:5061.

voip/signalling/sip/enable_sips

If signaling protocol is set to TCP and we want to

activate TLS, this parameter should be enabled. In

this case we will use 'sips' prefix instead of “sip:”

7.3.1 Server Certificate Validation for Secured HTTPS

Communications over SSL

This feature decreases vulnerability to breaches of security. If validation fails after installing

phone firmware, the SIP TLS application impacted.

The certificate is verified in two steps:

 The Root CA is installed using provisioning.

 The server’s hostname is validated; for each certificate in the chain, the ‘issuer’ field in

the certificate must match the ‘subject’ field of the issuer (uppermost in the chain)

certificate.

 To configure the feature using the Configuration File:

 Use the table as reference.

Table 7-5: Server Certificate Validation for Secured HTTPS Communications over SSL

Parameter Name Description

[security/SSLCertificateErrorsMode]

•

Disallow (default) = TLS connection will be rejected

and the phone will not communicate with the server.

• Ignore = Allows backward compatibility though

vulnerability will increase; the phone will proceed

without checking the received certificates and

without any notifications.

Table of Contents

Other manuals for AudioCodes 445HD

User Manual126 pages

Quick Guide12 pages

Related product manuals

Preview: AudioCodes 440HD

AudioCodes 440HD

Preview: AudioCodes 405

Preview: AudioCodes 450HD

AudioCodes 450HD

Preview: AudioCodes 420HD

AudioCodes 420HD

Preview: AudioCodes 405HD

AudioCodes 405HD

Preview: AudioCodes 430HD

AudioCodes 430HD

Preview: AudioCodes 400HD Series

AudioCodes 400HD Series

Preview: AudioCodes C470HD

AudioCodes C470HD

Preview: AudioCodes C455HD

AudioCodes C455HD

Preview: AudioCodes C435HD

AudioCodes C435HD

Preview: AudioCodes C450HD

AudioCodes C450HD

Preview: AudioCodes C455HD Series

AudioCodes C455HD Series