Configuring TLS to carry outgoing SIP calls
Network requirements
Two routers, Router A and Router B, work as SIP UAs. SIP calls between the two parties must be
carried over TLS.
Figure 48 Network diagram
Configuration procedure
The certification authority (CA) server runs RSA Keon in this configuration example.
For information about how to configure the TLS policy, see HPE FlexNetwork MSR Router Series
Comware 5 Security Configuration Guide.
IMPORTANT:
For the certificate on the device to be usable, make sure the device system time falls within the
validity period of the certificate.
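The following Python script is an added example, not part of the HPE manual. It illustrates the check in the IMPORTANT note by comparing a device clock reading against a certificate's validity window. It assumes the certificate text uses OpenSSL-style "Not Before" / "Not After" lines; the sample text and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: OpenSSL-style validity block (not captured from a real device).
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Subject: CN=RouterA
        Validity
            Not Before: Mar  1 08:00:00 2024 GMT
            Not After : Mar  1 08:00:00 2025 GMT
"""

_FIELD = re.compile(
    r"Not (Before|After)\s*:\s*(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) GMT"
)


def parse_validity(cert_text):
    """Return (not_before, not_after) as UTC datetimes; raise if either is missing."""
    found = {}
    for label, stamp in _FIELD.findall(cert_text):
        # Collapse the padding used for single-digit days before parsing.
        normalized = " ".join(stamp.split())
        parsed = datetime.strptime(normalized, "%b %d %H:%M:%S %Y")
        found[label] = parsed.replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("validity block not found in certificate text")
    return found["Before"], found["After"]


def check_clock(cert_text, device_time, warn_within=timedelta(days=30)):
    """Classify a timezone-aware device_time against the certificate validity window."""
    not_before, not_after = parse_validity(cert_text)
    if device_time < not_before:
        return "not-yet-valid"  # e.g. a device clock that was never set
    if device_time > not_after:
        return "expired"
    if not_after - device_time <= warn_within:
        return "expiring-soon"  # still usable, but plan re-enrollment
    return "ok"


if __name__ == "__main__":
    for t in (datetime(2007, 1, 1, tzinfo=timezone.utc), datetime.now(timezone.utc)):
        print(t.isoformat(), check_clock(SAMPLE_CERT_TEXT, t))
```

Convert the device clock reading to UTC before passing it in, because the validity fields are expressed in GMT.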
1. Configure Router A:
# Configure the IP address of the Ethernet interface.
<RouterA> system-view
[RouterA] interface ethernet 2/1
[RouterA-Ethernet2/1] ip address 192.168.2.1 255.255.255.0
[RouterA-Ethernet2/1] quit
# Create a PKI entity aaa, enter its view, and then configure the common name of the entity as
RouterA.
[RouterA] pki entity aaa
[RouterA-pki-entity-aaa] common-name RouterA
[RouterA-pki-entity-aaa] quit
# Create a PKI domain voice, enter its view, and then specify the trusted CA as voice.
[RouterA] pki domain voice
[RouterA-pki-domain-voice] ca identifier voice
# Specify the URL of the registrar in the format of http://host:port/Issuing Jurisdiction ID,
where Issuing Jurisdiction ID is a hexadecimal character string generated on the CA server.
Then, specify the authority for certificate request as CA, and the entity for certificate request as
aaa.
[RouterA-pki-domain-voice] certificate request url http://192.168.0.88:446/bd0683e5a369eb4edbb4ef502eaca6ec42d24e97
[RouterA-pki-domain-voice] certificate request from ca
[RouterA-pki-domain-voice] certificate request entity aaa
[RouterA-pki-domain-voice] quit
# Create local RSA key pairs.
[RouterA] public-key local create rsa