• Home
  • Hardware & Software

Enable SIP Signalling over TLS

Written by Marissa Orsini

Updated at April 25th, 2023

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • The Essentials
    FAQs Forms
  • Announcements
    Carrier Events mFax Events Platform Events Release Notes
  • Billing Administration
    Datagate OneBill
  • Faxing
    mFax - Analog mFax - Digital Native Fax
  • Hardware & Software
    Manual Configuration Provisioning NDP Axis Cisco Fanvil Grandstream Polycom Snom Yealink Mobile Applications Desktop Applications Mobile-X SNAPbuilder TeamMate Connector UC Integrator
  • Hosted Voice
    Auto Attendants Branding Call Queues Call Routing CDRs Conferencing E-911 Features Fraud Integrations Inventory / Phone Numbers Local & Toll Free Porting Onboarding Recommendations SNAP.HD SIP Trunking SMS / MMS Users Voicemail Caller ID
  • Troubleshooting
    VoIPmonitor Firewalls PBX
  • Ray's Stuff
+ More

Table of Contents

Scope Requirements Overview Currently Supported Models Enable TLS via Manager Portal Enable TLS via Domain Overrides Overrides For Enabling SIP Signalling over TLS

Scope

Intended Audience: White Label Partners or Higher

This document provides a list of overrides that you will need to enable SIP Signalling over TLS

 

Requirements

White label access to the Manager Portal

 

 

Overview

Our core servers support TLS (Transport Layer Security) which is a form of encrypting communication for SIP Signalling between the hard phone and the core.  TLS is an effective measure to increase the security of SIP Signalling communication between the client and the server.   SIP Signalling may also be configured on the Trunk on your on-premises PBX and not limited to the phone which requires ISRG ROOT X1 CA to work.  Our server will listen on port 5061.  

Currently Supported Models

Below is a list of phones and their respective supported firmware that we have tested with TLS.  If your phone is not on the list, ensure that the phone's firmware has CA support for ISRG Root X1 certificate.

Model Minimum Required Firmware
T27G 69.85.0.22 
T46S, T48S, T42S, T41S 66.85.0.22
T53W, T54W, T53, T57W 96.85.0.22
CP920 78.85.0.22
T46U, T48U,T43U,T42U 108.85.0.22
T58V, T56A 58.85.0.22
VP59 91.85.0.22
CP960 73.85.0.22
SNOM D7X 10.1.73 as tested,
GRP2600 1.0.5.45 as tested
Polycom CCX UC 7.2.2 ( Unreleased )
Polycom VVX(300,310,400,410,500,600,1500) 5.9.8 + ( Unreleased )
Polycom ( VVXxx1 and VVX50 ) 6.4.2 (Available Now)

Enable TLS via Manager Portal

  1. Log in to the Manager Portal
  2. Navigate to Inventory > Phone Hardware
  3. Click the pencil icon on the right
    NOTE: Do not click the MAC Address as this will open SNAPbuilder
  4. Select the Advanced tab
  5. Click the Transport Method to TLS
  6. Alternatively, you can bulk-edit phones and change the Transport Method of the selected phones to TLS
  7. Click Save and Resync to apply your changes to the phone
    NOTE: The phone will reboot

Enable TLS via Domain Overrides

  1. Log in to the Manager Portal
     
  2. Navigate to the domain
     
  3. Click Edit Domain
     
  4. Click Defaults tab
     
  5. Scroll all the way down, Enter the overrides to enable TLS in the Domain Defaults

    Example: To enable TLS for Yealink
  6. Click Save
    NOTE: Overrides should be formatted without spaces with the configuration value enclosed in quotation marks.  Phones will have to be rebooted

Overrides For Enabling SIP Signalling over TLS

  1. Polycom
voIpProt.server.1.transport="TLS"
voIpProt.SIP.outboundProxy.transport="TLS"
reg.1.server.1.port="5061"
reg.1.server.2.port="5061"
reg.1.server.1.transport="TLS"        
reg.1.server.2.transport="TLS"        
reg.1.server.3.transport="TLS"
  1. Polycom CCX below firmware 7.2.2 and VVX ( 300,310,400,410,500,600,1500 ) firmware below 5.9.8 requires the following override to load the letsencrypt certificate.
extra_file="ISRGROOTX1_CACERT.xml"
  1. Yealink
account.1.sip_server.1.transport_type="2"
  1. SNOM 
transport=tls,sbc.ucaasnetwork.com
  1. Grandstream
P29095="1"
P29195="1"
P29295="1"
P29395="1"
P29495="1"
P29595="1"
P183="3"
P443="3"
P543="3"
P643="3"
P1743="3"
P1843="3"

 

tls enable sip tls

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Change Transport Type on Devices to TLS
  • View Phone's Contact IP

Knowledge Base Software powered by Helpjuice

Expand