Configuring TLS between the SIP Bridge and the Verba Recorder

For added security, Real-time Transport Protocol (RTP) traffic between the SIP bridge and the Verba Recorder must be sent over a Transport Layer Security (TLS) connection.


Configure the TLS connection by following these steps:

1. Create a pkcs12 file .pfx file including both the cert and private key:

openssl pkcs12 -inkey cert.key -in cert.pem -export -out rootCA.pfx


2. Import this into the Windows certificate store using the Certificates snap-in via MMC.


3. Mark the key as exportable.


4. Ensure the key marker on the icon is visible and that the cert has an exportable key when the properties are viewed.


5. Copy the thumbprint.


6. Navigate to Verba’s Change Configuration Settings:

Unified Call Recorder -> Recording Providers -> SIP / SIPREC


7. Add SIP port 5061 and edit this manually in the left panel to contain port|thumbprint||.


Note: The double pipe (||) must be included.


8. Click Save.


9.  Follow the click here link to the Apply Settings page.


10. If the user receives a parsing error and/or sees random letters after port, they must go back and manually delete the port and first pipe and write it again.


11. Click Save then Apply again.

Once complete, add the cert to a Java cacert trust store using the following commands:

1. Convert the original .pem cert file to a .crt file:

openssl x509 -outform der -in <cacert.pem> -out <cacert.crt>


2. cd $JAVA_HOME/lib/security.


3. cp cacerts cacerts.orig.


4. sudo keytool -importcert -file <cert.crt> -keystore cacerts.


If you experience issues configuring TLS between the SIP Bridge and the Verba Recorder, please contact Symphony Support at for further assistance.