Versions Compared

Version Old Version 2 New Version Current
Changes made by

Kelli Higdon

Kelli Higdon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printablefalse

Overview

Transport Layer Security(TLS) is a successor to Secure Sockets Layer protocol, or SSL are cryptographic protocols that provide communications security over computer network.
The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications.
There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same.
TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity.

VEGA supports Transport Layer Security (TLS) to secure the signalling in between the VEGA and its peer.

Info

NOTE: VEGA should and must have TLS license in order to support TLS/HTTPS functionality.

Configuration

VEGA should use signalling transport as “TLS” to ensure secure signalling with remote end.
This can be achieved by configuring Transport as present with in “SIP Profile” under “SIP Tab” of “Expert Config Section” (i.e. Expert Config -> SIP -> SIP Profile) as show below:

...

  1. TLS Port Configuration

  2. Creating and Uploading TLS Certificate

TLS Port Configuration

TLS port configuration is present in "SIP Configuration” under “SIP Tab” of “Expert Config Section” (i.e. Expert Config  -> SIP -> SIP Configuration and edit  Local SIP TLS Port) as show below:

...

By default, SIP TLS port is configured as “5061” but user it can be changed depending upon the requirement.

Creating and Uploading TLS Certificate

By default, VEGA has inbuilt self-signed certificate to ensure secure signalling between VEGA and remote end. But new certificate and keys can be uploaded on to VEGA as per requirement.
There are three different files that can be uploaded on to VEGA with respect to TLS:

...

If CA/Root certificate file is uploaded on to VEGA, VEGA will start verifying the remote end certificate to establish a successful handshake.

Create TLS Certificate

To create TLS certificate, we can use Free version of Simple Authority CA management tool. We can get the same from http://simpleauthority.com/download.html

...

Info

Important Note

  1. User must upload server certificate file on to vega containing only server certificate within it if provided(we must not bundle any other certificate with server) .

  2. User must upload server key file on to vega containing only key within it if provided

  3. User must upload root file on to vega containing root certificate within it
    Root certificate must be bundled with other intermediate certificate if present/provided by customer (the bundled certificate file must not contain Server certificate or Server Key)

Upload Certificate/Key

Option to upload certificate/key on to VEGA with respect to TLS is present within “System Tab” under “Expert Config Section” (i.e. Expert Config -> System -> and edit Upload/Download Files) as show below:

...

Once TLS file is uploaded successfully proper result will be displayed on to VEGA GUI as shown below:

 

...

Remove TLS Certificate/Key

Option to upload certificate/key on to VEGA with respect to TLS is present within “System Tab” under “Expert Config Section” (i.e. Expert Config -> System -> and edit Upload/Download Files)  as show below:

...