Secure RTP with SIP over TLS

This applies to VoIP Delivery/DMS only.

The SIP Proxy adapter supports TLS encryption for SIP (SIP/TLS) signalling, and encrypted RTP (sRTP) for audio. The SIP Proxy adapter will accept public/private keys stored in either JKS or PKCS12 format. The key algorithm must be RSA.

You can use the same certificate(s) for each Integration Service in a multiple Integration Service deployment, or you can generate different ones for each.

Keys from the keystore are used to generate certificates that are stored on both the Integration Service and UCM, as illustrated in the following diagram:

Keys used to generate certificates on the Verint Integration Server and Cisco Call Manager server

To configure the SIP Proxy adapter for Secure RTP you must do the following:

Set up keys for certificates.
Add a new SIP Trunk Security Profile to UCM.
Create a Secure SIP Trunk for an Integration Service.
Configure a SIP Proxy Adapter, choosing SIP over TLS as the SIP Protocol, and completing the TLS Parameters section

When using the Secure RTP for SIP signalling feature, you must disable RTP Detection on the recorder (as it is not supported for encrypted audio-on-wire). In Recorder Manager click General Setup > Capture Settings > IP Recorder. Under RTP Detection, set Detect RTP to Never.