Enabling TLS/SRTP
These instructions explain how to configure Session Initiation Protocol (SIP) Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP) between a Cisco Unified Communications Manager (CUCM) and ICE Telephony Gateway.
Secure voice communication can be divided into two parts:
1. Secure Signaling: ICE Telephony Gateway uses TLS to secure signaling over SIP
2. Secure Media: SRTP
Background Information
TLS: TLS and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL work on behalf of the underlying transport layer, whose segments carry encrypted data.Certificate Authority (CA): Trusted entity that issues certificates: Cisco or a third-party entity.Device Authentication: Process that validates the identity of the device and ensures that the entity is what it claims to be before a connection is made.Encryption: Process of translating data into ciphertext that ensures the confidentiality of the information. Only the intended recipient can read the data. It requires an encryption algorithm and encryption key.Public/Private Keys: Keys that are used in encryption. Public keys are widely available, but private keys are held by their respective owners. Asymmetrical encryption combines both types.