SIPServer TLS, without certificate

[alexandercoachman]

I would like to connect my SIP Server to an external gateway. We have problems with the TCP connections (doesnt arrives a TCP ACK), so we would like to try with TLS.

I set this option in the SIPServer application to 5061, I restarted the SIPServer but the netstat doesnt shows the listening port. In the SIP server logs I found:

7:21:57.250:(1) TLS options not configured correctly for port=5061.

I know, that I should use a certificate, but it doesnt work without this?

Rgds, Sandor

[René]

Hi,

Certificate is mandatory for TLS and it cannot work without it. Please read some info about TLS (SSL) to understand how it works.

R.

[alexandercoachman]

Thanks René.

[alexandercoachman]

Should I configure another genesys components with TLS, or is it enough on the trunk DN? Should I configure it on VoIP DN (treatment service)?

We have a working TLS connection between SIPServer and an external gateway, but when the media stream starts, (in logs it seems that everything works fine) on the client videoconferencing system doesnt appear any video or voice...

Any ideas?

[alexandercoachman]

And this is the same problem with using TCP.


I dont have any idea how to resolve this...

[rpenney]

Wireshark is your friend 

See where you can span the traffic and use the features of Wireshark to look at the SIP messages and the RTP streams.

You can often get the gateway to span the traffic for you.

Add the TLS certificates into wireshark and it will decode the streams.

What are you using to generate the video or voice?

[Allan]

Refer page 87 of the Security Deployment guide onwards

[alexandercoachman]

Thank you Allan.
It works now with thumbprint.

Sandor