| Configuring the Security Features | 207
2. Configure and save the following settings:
Parameter Description Configuration Method
Device Certificates
Specify the type of the server
certificates for the system to
send for TLS authentication.
• Default Certificates
• Custom Certificates
Note: the default value is Default
Certificates.
If you change this parameter, the
system will reboot to make the
change take effect.
Web user interface
Upload Server Certificate File
Upload the server certificate.
Note: The certificate you want
to upload must be in *.pem,
*.crt, *.cer or *.der format. Only
one server certificate can be
uploaded to the system.
Web user interface
Secure Real-Time Transport Protocol (SRTP)
Secure Real-Time Transport Protocol (SRTP) encrypts the RTP during SIP calls to avoid interception and
eavesdropping. The RTP and the RTP stream in a call are encrypted by AES algorithm which is compliant
with RFC3711. The data in the RTP stream cannot be understood even though it is captured or intercepted.
Only the receiver has the key to restore the data. To use SRTP, the parties participating in the call must
enable SRTP feature simultaneously. When this feature is enabled on both sites, the encryption type used in
the session is negotiated by the systems. This negotiation process is compliant with RFC 4568.
When you place a call that enables SRTP, the system sends an INVITE message with the RTP encryption
algorithm to the destination system.
The rules of SRTP for media encryption in SIP calls are described as below:
Far Local Compulsory Optional Disabled
Compulsory SRTP Call SRTP Call Fail to establish a call
Optional SRTP Call SRTP Call RTP Call
Disabled Fail to establish a call RTP Call RTP Call
Example of the INVITE message carried with the RTP encryption algorithm in the SDP is described as below:
To Next Page
Loading...
