Configure TLS between the SIP Bridge and the Verba Recorder

For added security, Real-time Transport Protocol (RTP) traffic between the SIP Bridge and the Verba Recorder must be sent over a Transport Layer Security (TLS) connection.

Configure the TLS connection:

  1. Create a pkcs12 .pfx file including both the cert and the private key.
openssl pkcs12 -inkey cert.key -in cert.pem -export -out rootCA.pfx
  1. Import this file into the Windows certificate store using the Certificates snap-in via MMC.
  2. Mark the key as exportable.
  3. Ensure the key marker on the icon is visible and that the cert has an exportable key when the properties are viewed.
  4. Copy the thumbprint.
  5. Navigate to Verba’s Change Configuration Settings.
Unified Call Recorder -> Recording Providers -> SIP / SIPREC
  1. Add SIP port 5061 and edit this manually in the left panel to contain port|thumbprint||.
    The double pipe (||) must be included.
  2. Select Save.
  3. Follow the click here link to the Apply Settings page.
  4. If the user receives a parsing error or sees random letters after port, they must go back and manually delete the port and first pipe and write it again.
  5. Select Save, then select Apply again.
  6. Once complete, add the cert to a Java cacert trust store to convert the original .pem cert file to a .crt file using the following commands:
openssl x509 -outform der -in <cacert.pem> -out <cacert.crt>
cd $JAVA_HOME/lib/security
cp cacerts cacerts.orig
sudo keytool -importcert -file <cert.crt> -keystore cacerts

If you experience issues configuring TLS between the SIP Bridge and the Verba Recorder, please contact Symphony Support at support@symphony.com for further assistance.