Tls For Sip Signaling And Provisioning - Algo 8188 User Manual

TLS for SIP Signaling and Provisioning

Algo devices that support firmware 1.6.4 or later support Transport Layer Security (TLS).
This feature adds security by ensuring that Algo products can trust the hosted SIP server.
This is useful for when third-party devices or attackers may try to intercept, replicate, or al-
ter Algo products, and try to connect to the server. TLS protocol will ensure that third par-
ties cannot read/modify any actual data. Previously security was less of a concern be-
cause phone systems were on isolated networks, but hosted services are becoming in-
creasingly more common. Using a hosted SIP service requires traffic to be sent over the
public internet and thus much more susceptible to attacks. Signed certificates are an im-
portant piece in the Algo device's operation, to ensure the security, integrity, and privacy
of its communication. Algo components that use TLS are Provisioning and SIP Signal-
ing.
These Algo devices each come pre-loaded with certificates from a list of trusted certificate
authorities (CA), which are installed in the hardware at the time of manufacture. Note
these pre-installed trusted certificates are not visible to users and are separate from the
'certs' folder.
The TLS handshake happens to make sure that the client and server can trust each other,
and once that trust is established, the two parties can freely send encrypted data and de-
crypt any data that they receive. After the TLS handshake process is complete, a TLS
session is established, and the server and client can then exchange messages that are
symmetrically encrypted with shared (pre-master) secret key.
For further details reference the
ing.
Uploading Public CA Certificates to Algo SIP Endpoints
To install the public CA certificate on the Algo 8188, follow the steps below:
1. Obtain a public certificate from your Certificate Authority.
2. Rename the public certificate 'siptrusted.pem' (only .pem format is supported).
3. In the web interface of the Algo device, navigate to the Advanced Settings > File
Manager tab.
4. Upload the certificate files into the 'certs' directory. Click the Upload button in the
top left corner of the file manager and browse to the certificate.
For SIP TLS, no default public CA certificates are used; only the above .pem file is sup-
ported, so this certificate file must be uploaded in order for SIP TLS authentication to oc-
cur.
For Provisioning TLS, only the default pre-installed public CA certificates are supported;
No .pem file can be uploaded in this case.
Document 90-00069A
2020/4/15
Page 17
Algo TLS guide for SIP Signalling and HTTPS Provision-
Algo Communication Products Ltd
4500 Beedie St Burnaby BC Canada V5J 5L2
www.algosolutions.com
8188 SIP Ceiling Speaker (FW 1.7)
(604) 454-3792
support@algosolutions.com