For extra security, you may wish to have the
VCS communicate with other systems (e.g.
servers such as LDAP servers or clients such
as SIP endpoints) using TLS encryption.
For this to work successfully in a connection
between a client and server:

the server must have a certificate installed
that verifies its identity. This certificate
must be signed by a Certificate Authority
(CA).
the client must trust the CA that signed the
certificate used by the server.

The VCS allows you to install appropriate files
so that it can act as either a client or a server
in connections using TLS.

•

Select the file containing trusted CA...

Allows you to upload a PEM file that identifies
the list of Certificate Authorities trusted by
the VCS. The VCS will only accept certificates
signed by a CA on this list. If you are
connecting to an LDAP database using TLS
encryption, the certificate used by the LDAP
database must be signed by a CA on this list.

Upload CA certificate

Click here once you have selected the file to
upload it.

Select the server private key file

Allows you to upload a PEM file that identifies
the private key used to encrypt the server
certificate used by the VCS. This private key
must not be password protected.

Select the server certificate file

Allows you to uploads PEM file that
contains the server certificate used for
HTTPS connections to the VCS from user
or administrator web browsers, and by SIP
endpoints or servers connecting to the VCS
over TLS.

Download server certificate

Provides you with the PEM file containing the
certificate used by the VCS to identify itself to
SIP and HTTPS clients when communicating
over SSL/TLS.

Maintenance

Security

Enabling Security

The files that enable secure connections over
TLS are installed via the web interface. They
cannot be installed using the CLI.
To enable security using the web interface:

Maintenance > Security

You will be taken to the

Security

page.

•

Upload server certificate data

Click here once you have selected the files to
upload them.