You can use this root CA to sign the certificates for the client and the PBX instead of creating another one. If you disable the use of an external CA in the SIP proxy, an internal root CA is generated automatically. This article provides steps for creating a self-signed root CA.In Windows, you must install it separately. OpenSSL is already installed in most Linux distributions. You must install OpenSSL to create a self-signed CA and the certificates.If you are testing TLS, it is recommended that you test the scenario with the highest security because it is less fault-tolerant and more likely to produce problems in case of misconfiguration. You can configure the peers not to verify the certificates, but this is a less secure setup. The example scenario is illustrated in the following diagram:įor more security, configure all peers to verify the validity of the certificates and provide their own custom certificates. The SIP proxy in the CloudGen Firewall translates the network addresses in SIP messages to allow communication between the telephone and the PBX. The Barracuda CloudGen Firewall performs NAT between both networks. This article provides steps to configure SIP with TLS encryption in an example scenario where the telephone is located in a different network from that of the PBX.
0 kommentar(er)
