Configure TLS between SIP Bridge and Verba for recording

For added security, Real-time Transport Protocol (RTP) traffic between the SIP bridge and the Verba Recorder needs to be sent over a Transport Layer Security (TLS) connection.

 

Configure the TLS connection by following these steps:

1. Create a pkcs12 file .pfx file including both the cert and private key:


openssl pkcs12 -inkey cert.key -in cert.pem -export -out rootCA.pfx

 

2. Import this into the Windows certificate store using the Certificates snap-in via MMC

 

3. Mark the key as exportable

 

4. Ensure the key marker on the icon is visible and that the cert has an exportable key when the properties are viewed

 

5. Copy the thumbprint

 

6. Navigate to Verba’s Change Configuration Settings:


Unified Call Recorder -> Recording Providers -> SIP / SIPREC

 

7. Add SIP port 5061 but edit it manually in the left panel to contain the port|thumbprint||

 

Note: The trailing double pipe (||) is very important to include

 

8. Save, then follow the click here link to the Apply Settings page

 

9. If the user receives a parsing error and/or sees random letters after port, they must go back and manually delete the port and first pipe and write it again.

 

10. Click Save then Apply again

Once complete, add the cert to a Java cacert trust store using the following commands:

1. Convert the original .pem cert file to a .crt file:
openssl x509 -outform der -in <cacert.pem> -out <cacert.crt>

 

2. cd $JAVA_HOME/lib/security

 

3. cp cacerts cacerts.orig

 

4. sudo keytool -importcert -file <cert.crt> -keystore cacerts

 

If you experience issues configuring TLS between the SIP Bridge and Verba for recording, please contact Symphony Support at support@symphony.com for further assistance.