Making SIP Calls to Other Servers Over TLS
There are two methods in Brekeke SIP Server v3 to establish SIP sessions with other servers over TLS transport.
Establish TLS connection without destination server’s certificate From Brekeke SIP Server Admintool > [Configuration] > [SIP] -> [TLS],
– Set [Peer Certification Validation]: off
Establish TLS connection with destination server’s root certificate installed at Brekeke SIP Server machine.
From Brekeke SIP Server Admintool > [Configuration] > [SIP] -> [TLS],
– Set [Peer Certification Validation]: on
– Add destination server certification, such as “ca.crt”, to “cacerts” file on Brekeke SIP server machine with following command:
keytool -import -trustcacerts -alias server -file ca.crt -keystore cacerts
“cacerts” file is at <JAVA-HOME>/lib/security/
With Method 2 to validate certificate, Brekeke SIP server will provide more secured connection over TLS.
The following Dial Plan rule is needed to add at Brekeke SIP Sever Admintool to send calls to destination server over TLS.
-------------------- [Matching Patterns] $request = ^INVITE To = sip:(.+)@ [Deploy Patterns] To = sip:%1@<destinaiton_server_IP>:5061 $transport = tls --------------------