Brekeke Documents

Find user guides, developer guides, API references, tutorials, and more!

Brekeke SIP Server Wiki

  1. Brekeke SIP Server Basic Info
  2. Security
  3. Update & Upgrade
  4. Configuration
    1. Installation
    2. Basic Setup
    3. BSS Administration Tool
    4. Network Configuration
    5. Dial Plan
    6. Block List
    7. Provisioning
    8. Push Notification
    9. SDN
    10. STIR/SHAKEN
    11. Advanced Edition
      1. Alias function
      2. Call detailed records (CDR)
      3. Failover
      4. Load balancing by BSS
      5. RADIUS
      6. TLS
        1. Key and Certificate
        2. How to create a self-signed certificate using OpenSSL
        3. How to install a certificate chain
        4. Peer Certification Validation
        5. Environment Variables for TLS
        6. Monitoring and Diagnostic
        7. How to convert TLS to another transport protocol (UDP,TCP)
      7. SRTP Conversion
      8. Redundancy
      9. Brekeke Heartbeat Remote Access Setup
      10. Brekeke SIP Server Failure Notification
      11. Heavy loads alert with Brekeke Heartbeat
      12. Monitoring SIP Devices with Heartbeat
    12. Other Functions
    13. Third-Party Database
    14. Environment Variables
  5. Troubleshooting
  6. Developer's Guide
  7. Version History

Making SIP Calls to Other Servers Over TLS

There are two methods in Brekeke SIP Server v3 to establish SIP sessions with other servers over TLS transport.

 

Method 1: 

Establish TLS connection without destination server’s certificate From Brekeke SIP Server Admintool > [Configuration] > [SIP] -> [TLS],

– Set [Peer Certification Validation]: off

 

Method 2:

Establish TLS connection with destination server’s root certificate installed at Brekeke SIP Server machine.

From Brekeke SIP Server Admintool > [Configuration] > [SIP] -> [TLS],
– Set [Peer Certification Validation]: on

– Add destination server certification, such as “ca.crt”, to “cacerts” file on Brekeke SIP server machine with following command:

keytool -import -trustcacerts -alias server -file ca.crt -keystore cacerts

“cacerts” file is at <JAVA-HOME>/lib/security/

 

With Method 2 to validate certificate, Brekeke SIP server will provide more secured connection over TLS.

 

The following Dial Plan rule is needed to add at Brekeke SIP Sever Admintool to send calls to destination server over TLS.

Rule:
--------------------
[Matching Patterns]
$request = ^INVITE
To = sip:(.+)@

[Deploy Patterns]
To = sip:%1@<destinaiton_server_IP>:5061
$transport = tls
--------------------
Yes No
« How to install a certificate chainEnvironment Variables for TLS »
Suggest Edit