Algo 8198 User Manual page 18

server. This is useful for when third-party devices or attackers may try to intercept,
replicate, or alter Algo products, and try to connect to the server. TLS protocol will
ensure that third parties cannot read/modify any actual data. Previously security was
less of a concern because phone systems were on isolated networks, but hosted
services are becoming increasingly more common. Using a hosted SIP service requires
traffic to be sent over the public internet and thus much more susceptible to attacks.
Signed certificates are an important piece in the Algo device's operation, to ensure the
security, integrity, and privacy of its communication. Algo components that use TLS are
Provisioning and SIP Signaling.
These Algo devices each come pre-loaded with certificates from a list of trusted
certificate authorities (CA), which are installed in the hardware at the time of
manufacture. Note these pre-installed trusted certificates are not visible to users and are
separate from the 'certs' folder.
The TLS handshake happens to make sure that the client and server can trust each
other, and once that trust is established, the two parties can freely send encrypted data
and decrypt any data that they receive. After the TLS handshake process is complete, a
TLS session is established, and the server and client can then exchange messages that
are symmetrically encrypted with shared (pre-master) secret key.
For further details reference the
Provisionings.
Uploading Public CA Certificates to Algo SIP Endpoints
To install the public CA certificate on the Algo 8198, follow the steps below:
1. Obtain a public certificate from you Certificate Authority.
2. Rename the public certificate 'siptrusted' with any of supported formats (.pem,
.cert, or .cer).
3. In the web interface of the Algo device, navigate to the System > File Manager
tab.
4. Upload the certificate files into the 'certs' directory. Click the Upload button in the
top left corner of the file manager and browser to the certificate.
HTTPS Provisioning
Provisioning can be secured by setting the 'Download Method' to 'HTTPS' (under the
Advanced Settings > Provisioning tab). This prevents configuration files from being
read by an unwanted thrid-party. This resolves the potential risk of having sensitive data
stolen, such as admin passwords and SIP credentials.
Document 90-00109
2020-09-21
Page 18
Algo TLS guide for SIP Signalling and HTTPS
Algo Communication Products Ltd
4500 Beedie St Burnaby BC Canada V5J 5L2
www.algosolutions.com
8198 SIP Ceiling Speaker PoE+
(604) 454-3792
support@algosolutions.com