For added security, Real-time Transport Protocol (RTP) traffic between the SIP Bridge and the Verba Recorder must be sent over a Transport Layer Security (TLS) connection.
Configure the TLS connection:
- Create a pkcs12 .pfx file including both the cert and the private key.
openssl pkcs12 -inkey cert.key -in cert.pem -export -out rootCA.pfx
- Import this file into the Windows certificate store using the Certificates snap-in via MMC.
- Mark the key as exportable.
- Ensure the key marker on the icon is visible and that the cert has an exportable key when the properties are viewed.
- Copy the thumbprint.
- Navigate to Verba’s Change Configuration Settings.
Unified Call Recorder -> Recording Providers -> SIP / SIPREC
- Add SIP port 5061 and edit this manually in the left panel to contain port|thumbprint||.
The double pipe (||) must be included. - Select Save.
- Follow the click here link to the Apply Settings page.
- If the user receives a parsing error or sees random letters after port, they must go back and manually delete the port and first pipe and write it again.
- Select Save, then select Apply again.
- Once complete, add the cert to a Java cacert trust store to convert the original .pem cert file to a .crt file using the following commands:
openssl x509 -outform der -in <cacert.pem> -out <cacert.crt>
cd $JAVA_HOME/lib/security
cp cacerts cacerts.orig
sudo keytool -importcert -file <cert.crt> -keystore cacerts
If you experience issues configuring TLS between the SIP Bridge and the Verba Recorder, please contact Symphony Support at support@symphony.com for further assistance.