For added security, Real-time Transport Protocol (RTP) traffic between the SIP bridge and the Verba Recorder must be sent over a Transport Layer Security (TLS) connection.
Configure the TLS connection by following these steps:
1. Create a PKCS#12 (.pfx) file that includes both the cert and private key (Figure 1):
openssl pkcs12 -inkey cert.key -in cert.pem -export -out rootCA.pfx
Figure 1 Command
2. Import this into the Windows certificate store using the Certificates snap-in via MMC.
3. Mark the key as exportable.
4. Ensure the key marker on the icon is visible and that the cert has an exportable key when the properties are viewed.
5. Copy the thumbprint.
6. Navigate to Verba’s Change Configuration Settings (Figure 2):
Unified Call Recorder -> Recording Providers -> SIP / SIPREC
Figure 2 Command
7. Add SIP port 5061 and edit this manually in the left panel to contain port|thumbprint||.
Note: The double pipe (||) must be included.
8. Select Save.
9. Follow the "click here" link to the Apply Settings page.
10. If the user receives a parsing error and/or sees random letters after port, they must go back and manually delete the port and first pipe and write it again.
11. Select Save then Apply again.
12. Once complete, convert the original .pem cert file to a .crt file and add the cert to a Java cacerts trust store using the following commands (Figure 3):
openssl x509 -outform der -in <cacert.pem> -out <cacert.crt>
cd $JAVA_HOME/lib/security
cp cacerts cacerts.orig
sudo keytool -importcert -file <cacert.crt> -keystore cacerts
Figure 3 Commands
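The following is an added example, not part of the original procedure or of Verba's tooling. It builds the port|thumbprint|| value from steps 5 and 7 and rejects a thumbprint that carries stray characters, which is one way to avoid the retyping described in step 10. Assumptions: the field takes the 40-hex-digit SHA-1 thumbprint without separators, and the function names and sample thumbprint are hypothetical.

```sh
#!/bin/sh
# Added example: build the "port|thumbprint||" value for the SIP port field.
# Assumption: the thumbprint is the 40-hex-digit SHA-1 value that Windows
# shows for the certificate, entered without spaces or colons.

# normalize_thumbprint RAW: print 40 uppercase hex digits, or fail.
normalize_thumbprint() {
    # Drop every byte that is not a hex digit (spaces, colons, invisible
    # Unicode marks picked up when copying from a dialog), then uppercase.
    thumb=$(printf '%s' "$1" | LC_ALL=C tr -cd '0-9A-Fa-f' | LC_ALL=C tr 'a-f' 'A-F')
    if [ "${#thumb}" -ne 40 ]; then
        echo "thumbprint has ${#thumb} hex digits, expected 40" >&2
        return 1
    fi
    printf '%s\n' "$thumb"
}

# cert_thumbprint FILE: SHA-1 thumbprint of a PEM certificate via openssl.
cert_thumbprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha1) || return 1
    normalize_thumbprint "${fp#*=}"
}

# sip_port_entry PORT RAW_THUMBPRINT: print PORT|THUMBPRINT||
sip_port_entry() {
    case "$1" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    entry_thumb=$(normalize_thumbprint "$2") || return 1
    printf '%s|%s||\n' "$1" "$entry_thumb"
}

# Constructed sample: a thumbprint as pasted from a certificate dialog,
# with spaces and a leading invisible left-to-right mark (U+200E).
SAMPLE=$(printf '\342\200\21600 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 01 23 45 67')
sip_port_entry 5061 "$SAMPLE"
```

cert_thumbprint cert.pem reads the thumbprint directly from the certificate used in step 1, so it can be compared with the value copied in step 5.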
If you experience issues configuring TLS between the SIP Bridge and the Verba Recorder, please contact Symphony Support at support@symphony.com for further assistance.