Mitel Deutschland GmbH 68635RFP36U-01 Manuale Utente
Configuration and Administration
319
IMPORTANT :
A handover of an SRTP call to a site with disabled SRTP will drop the
call.
IMPORTANT :
SDES specifies as key exchange method the negotiation over SDP
included in the SIP signaling. Therefore, we recommend to use TLS to encrypt the
key exchange.
IMPORTANT :
Please enable “SRTP = only” mode exclusively when all communication
can be established with SRTP. Depending on the call server some features or
gateways may not offer SRTP.
7.31 SIP OVER TLS
The transport protocol modes “TLS” or “Persistent TLS” enable a private and authenticated signaling,
including safe key exchange for SRTP encryption.
including safe key exchange for SRTP encryption.
The transport protocol and all further security settings can be set via the OMP
System -> SIP-> Security
tab and the OMP
System -> SIP-> Certificate Server tab.
The following parameters can be set:
General
•
Transport protocol: The protocol used by the OMM to send/receive SIP signaling. Default is “UDP”.
•
Persistent TLS Keep alive timer active: When enabled and “Persistent TLS” is selected as transport
protocol, the OMM sends out keep alive messages periodically to keep the TLS connection open.
•
Persistent TLS Keep alive timer timeout: Specifies the time, in seconds, between keep-alive
messages sent out by the OMM. Valid values are “10” to “3600”. Default is “30” seconds.
•
Send SIPS over TLS active: When enabled and “TLS” or “Persistent TLS” is selected as transport
protocol, the OMM uses SIPS URIs in the SIP signaling. Default is “ON”.
•
TLS authentication: When enabled and “TLS” or “Persistent TLS” is selected as transport protocol,
the OMM validates the authenticity of the remote peer via exchanged certificates and the configured
“Trusted certificates”. Default is “ON”.
“Trusted certificates”. Default is “ON”.
•
TLS common name validation: When enabled and “TLS authentication” is selected the OMM
validates the “Alternative Name” and “Common Name” of the remote peer certificate against the
configured proxy, registrar and outbound proxy settings. If there is no match an established TLS
connection will be closed immediately.
configured proxy, registrar and outbound proxy settings. If there is no match an established TLS
connection will be closed immediately.
PEM file import
•
Allows the manual import of Trusted, Local Certificates and a Private Key in PEM file format.
The following parameters can only be read and should ease the handling of certificates:
•
Trusted Certificates: The number of imported trusted certificates.
•
Local Certificate chain: The number of imported certificates in the local certificate chain.
•
Private Key: Is a private key imported or not.