Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The following describes how to configure TLS transport for phones that support this feature. TLS transport can be used on a local LAN and also for remote workers including support for NAT traversal.

1. Server side configuration

If you have an admin account, you can simply download the Root CA from the sipXecs Web interface. Login to the Web interface and go to:

...

To do this with a Microsoft IIS server see here

2. Setup the Polycom phone

On your Polycom handset, go to

...

Enter your password. If you haven't changed this in the past, the default Polycom password is "456". Once you have entered the Advanced Settings, press the OK button to proceed to the Admin Settings. Use the scroll down arrow and look for the item SSL Security, then drill down to CA Certificates / Install Custom CA Certificate. You will be prompted to enter the http URL where you stored the CA. Enter the URL using the keypad:

*Example: http://192.168.1.10/ca.pbx.mydomain.com.crt *

or

*http://pbx.mydomain.com/ca.pbx.mydomain.com.crt *

Depending on whether you installed it on the LAN Web server or the sipXecs doc root. The Polycom phone will now download the root CA and will ask you to accept it. After accepting the certificate it will instantly get installed as your custom Polycom certificate.

Then press the Left arrow twice and go to Configure CA Certificates. Choose the first item in the list "Custom Certificate".

3. Setup TLS transport in sipXecs

Lastly configure Polycom SIP settings to use TLS as the transport protocol and change the port to 5061 using the sipXecs admin UI.

...