Configuring Security Features
To upload a device certificate via the web user interface:
1. Click on Security->Server Certs.
2. Click Browse to locate the certificate (*.pem or *.cer) from your local endpoint.
3. Click Upload to upload the certificate.
To protect a confidential call, you can configure Secure Real-Time Transport Protocol
(SRTP) to encrypt RTP streams and guard against interception and eavesdropping. Both
RTP and RTCP signaling may be encrypted using an AES algorithm as described in RFC 3711.
Encryption modifies the data in the RTP streams so that, if the data is captured or
intercepted, it cannot be understood; it sounds like noise. Only the receiver knows the
key to restore the data. To use SRTP encryption for SIP calls, the participants in the call
must enable SRTP simultaneously. When this feature is enabled on both endpoints, the
encryption algorithm used for the session is negotiated between the endpoints. This
negotiation process is compliant with RFC 4568.
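The RFC 4568 negotiation described above, sketched as an added example (not taken from this guide or from any endpoint's firmware): the answerer validates each offered a=crypto line, accepts the first suite its own policy allows, and replies with the same tag and its own key. The function names, the supported-suite sets and the sample offer with its keys are constructed for illustration.

```python
import base64
import re
import secrets

# Master key + master salt length in bytes for each suite named on this page
# (RFC 4568: 128-bit key followed by 112-bit salt).
KEY_SALT_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "F8_128_HMAC_SHA1_80": 30,
}
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")


def _b64(n):
    return base64.b64encode(bytes(range(n))).decode()


# Constructed offer with made-up keys; tag 1 carries a truncated key.
SAMPLE_OFFER = "\r\n".join([
    "m=audio 11780 RTP/SAVP 0 8",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + _b64(20),
    "a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:" + _b64(30),
    "a=crypto:3 F8_128_HMAC_SHA1_80 inline:" + _b64(30),
])


def parse_crypto_offers(sdp):
    """Return (tag, suite, key_salt) for each well-formed a=crypto line."""
    offers = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m or m.group(2) not in KEY_SALT_LEN:
            continue  # not a crypto line, or an unknown suite
        try:
            material = base64.b64decode(m.group(3), validate=True)
        except ValueError:
            continue  # malformed base64
        if len(material) == KEY_SALT_LEN[m.group(2)]:
            offers.append((int(m.group(1)), m.group(2), material))
    return offers


def build_answer(sdp, supported):
    """Accept the first offered suite we support and reply with our own key."""
    for tag, suite, _peer_key in parse_crypto_offers(sdp):
        if suite in supported:
            own = base64.b64encode(secrets.token_bytes(KEY_SALT_LEN[suite]))
            return tag, suite, f"a=crypto:{tag} {suite} inline:{own.decode()}"
    return None  # no usable suite: the answerer rejects the SRTP stream
```

Because the inline keys travel in the SDP itself, RFC 4568 relies on the signaling channel being protected (for example, SIP over TLS).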
When a site places a call on an SRTP-enabled endpoint, the endpoint sends an INVITE
message carrying the RTP encryption algorithm to the destination endpoint.
The following is an example of the RTP encryption algorithm carried in the SDP of the
INVITE message:
m=audio 11780 RTP/SAVP 0 8 18 9 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:NzFlNTUwZDk2OGVlOTc3YzNkYTkwZWVkMTM1YWFj
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:NzkyM2FjNzQ2ZDgxYjg0MzQwMGVmMGUxMzdmNWFm
a=crypto:3 F8_128_HMAC_SHA1_80 inline:NDliMWIzZGE1ZTAwZjA5ZGFhNjQ5YmEANTMzYzA0
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no