Configure ICE Telephony Gateway to support TLS/SRTP

Admin Guide > Configuration > Managing Telephony > Adding a SIP PBX > ICE Telephony Calls in SIP Trunk mode > Enabling TLS/SRTP > Configure ICE Telephony Gateway to support TLS/SRTP

The preferred_signalling_protocol property in the $ICET_HOME/conf/icet_conf.json file must be set to tls to make/receive secure calls to/from CUCM.

The ICE Telephony Gateway default TLS port is 5061 in icet_conf.json.

Apply the following changes to the $ICET_HOME/conf/pjsip_acfg.json file:

"srtpUse": 1,

"srtpSecureSignaling": 1,

"TlsConfig": {

"CaListFile": "",

"certFile": "$ICET_HOME/etc/icet.pem",

"privKeyFile": "$ICET_HOME/etc/icetkey.pem",

"password": "",

"CaBuf": "",

"certBuf": "",

"privKeyBuf": "",

"method": 33,

"ciphers": [ ],

"verifyServer": false,

"verifyClient": false,

"requireClientCert": false,

"msecTimeout": 0,

"qosType": 3,

"qosParams": {

"qos.flags": 1,

"qos.dscp_val": 24,

"qos.so_prio": 0,

"qos.wmm_prio": 0

"qosIgnoreError": true

}

Note: As shown above, the values for the certFile and privKeyFile attributes are the files created in the Generating a Self-Signed Certificate File (.pem) section above using the OpenSL command tool. If a password was used while creating the certificate (private key) file, then that password should be set here in the password attribute.