Share via


How to: Configure a SIP Peer for Mutual TLS

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

To help secure communication of SIP messages between Speech Server and the SIP peer, configure the Speech Server settings for the SIP peer to use Mutual Transport Layer Security (TLS). This setting configures Speech Server to only use Mutual TLS to communicate with the SIP peer and reject any other type of connection.

Mutual TLS requires the endpoints (in this case, Speech Server and the SIP peer) to authenticate themselves with security certificates. The following procedure configures the Speech Server settings for the SIP peer to use Mutual TLS. It does not explain how to configure the SIP peer itself. For information about how to set up the SIP peer itself with a security certificate, see the SIP peer documentation.

Note

If the SIP peer is Telephony Interface Manager Connector (TIMC), you specify a certificate for the computer running TIMC using the Speech Server??Administrator console.

For information about how to set up Speech Server with a security certificate, see How to: Set Up a Certificate for Secure SIP Peer Communication.

Note

If no SIP peer is configured to use Mutual TLS, calls to and from applications configured to use Secure RTP are declined by Speech Server. For more information, see How to: Configure an Application for Secure RTP Communications.

Configuring a SIP Peer for Mutual TLS

To configure a SIP peer for Mutual TLS

  1. Open the Speech Server Administrator console.

    For more information, see How to: Start the Speech Server Administrator Console.

  2. In the console tree, click SIP Peers.

  3. In the details pane, right-click the SIP peer you want to change, and then click Properties.

  4. Click Enable Mutual TLS.

  5. If the SIP peer is TIMC, do the following; otherwise click OK.

    1. Click the Routing and Certificate tab.
    2. In MSS Servers, click the name of the computer running Speech Server, and then click Edit.
    3. In MSS Server, click Authenticate using Mutual TLS, and then click OK.
    4. In Certificate, click Select Certificate, select the certificate to use to authenticate the computer running TIMC, and then click OK twice.
  6. If the SIP peer is a trusted SIP peer, click Yes in the dialog box informing you that the setting will be applied to all computers running Speech Server that trust the SIP peer.

    Note

    You can also configure SIP peers for Secure RTP through Windows Management Instrumentation (WMI) scripts. For more information, see the UseMutualTLS property in SIPPeer Class and TrustedSIPPeer Class.