Goal (short description)

Communication between the User Agent and the home proxy is encrypted using TLS.

Applicability

We enable end-users of domain A to communicate with their home proxy based on TLS:

      User Agent A  ->  proxy domainA 

Prerequisites

This example is based on

• Debian 4r0
• OpenSER version 1.2 with tls

Configuration  

Configure a UA to use TLS. Under MS Windows, good examples is Eyebeam 1.5. Make sure to choose 'TLS' as the protocol in the settings and register with the proxy. Use the diagnostic tools of the UA to see if any problems occur. Common problems are:

• Invalid TLS version: though TLS 1.0 should be used according to the SIP RFC, SSL 2/3
• Client certificate verification should be disabled
• CA certificate cannot be verified: make sure the correct chain is on the server and on the UA
• Common name of the server certificate does not match DNS name of the server

OS specific help

Reminder: this example is based on a compiled version of openSER where the config is in /usr/local/etc/openser and the certificates are in /usr/local/etc/openser/tls/user, which might differ when installed from packages.

This recipe is based on the tutorial in http://www.voipuser.org/forum_topic_7222.html with adjustments for the openser version. See also http://www.openser.org/docs/tls.html#TLS-EXAMPLE for hints on TLS and examples of how to differentiate ring tones of the UA based on the source of a call to let the end-user know if the call can be trusted or not.