Introduction.
By default, the Live Assist Fusion Client SDK (FCSDK) solution uses secure media when communicating with WebRTC clients. More details on WebRTC client security can be found here:
User Interfaces for Encryption of Voice and Video
However, some deployments aim for end-to-end encryption by securing the SIP side too.
This article provides steps to enable secure signaling on the SIP network as well as secure (encrypted) media with the SIP endpoint.
Step 1 : Configure Secure Connection to Outbound SIP Server
The FCSDK solution communicates with the SIP network via an outbound proxy setting in the Web Plugin Framework.
Visit: https://<your-fcsdk-server>:8443/web_plugin_framework/webcontroller/admin/
Navigate to Gateway -> General Administration to configure "Outbound SIP servers".
The secure SIP address of the outbound SIP server can be configured as in one of the following examples:
- sip:192.168.8.78;transport=tls
- sips:192.168.8.78;transport=tls
Step 2 : Import Trusted Certificate Chain
To allow a TLS handshake between FAS (Fusion Application Server) and the configured outbound SIP server, the complete chain of trusted certificates must be imported into the FAS truststore. Instructions on how to import a certificate into the FAS truststore can be found here:
NOTE: Ensure that each certificate in the certificate chain is imported individually, as shown in the screenshot below:
Step 3: Enable Media Broker for Secure Media
- SSH into the Media Broker server.
- Navigate to your Media Broker (MB) directory, e.g. /opt/cafex/FCSDK-X.X.X/media_broker/
- Update /opt/cafex/FCSDK-X.X.X/media_broker/proxy.properties to enable SRTP by changing the 'srtp.enabled' property from 'false' to 'true', and enable video/audio encryption as required. See the example below:
srtp.enabled=true
srtp.video.encrypted=true
srtp.audio.encrypted=true
srtcp.enabled=true
srtp.rtp.protocol=SAVP
- Restart media broker
service fusion_media_broker restart
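To confirm the Step 3 settings are the ones actually in effect before restarting, the following added example (not part of the FCSDK product or the original article) audits a proxy.properties file against the five values listed above. It assumes the file follows Java .properties conventions (comments, optional whitespace around the separator, last definition of a key wins); the function names and the sample file are constructed for illustration.

```shell
# Added example: audit proxy.properties for the SRTP settings listed in Step 3.
REQUIRED='srtp.enabled=true
srtp.video.encrypted=true
srtp.audio.encrypted=true
srtcp.enabled=true
srtp.rtp.protocol=SAVP'
# prop_value FILE KEY: print the effective value of KEY (empty if unset).
# Assumed Java .properties rules: '#' or '!' starts a comment, the separator is
# '=' or ':' with optional whitespace, and the last definition of a key wins.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            k = substr(line, 1, RSTART - 1)
            v = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_srtp_props FILE: report each required setting; return 1 if any is
# missing or differs (values compared exactly, an assumption of this example).
check_srtp_props() {
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(prop_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key=$got"
        else
            echo "FAIL  $key: expected '$want', found '${got:-<unset>}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a later duplicate line silently turns SRTP back off.
sample=$(mktemp)
printf '%s\n' 'srtp.enabled=true' 'srtp.video.encrypted=true' \
    'srtp.audio.encrypted=true' '#srtcp.enabled=true' \
    'srtp.rtp.protocol = SAVP' 'srtp.enabled=false' > "$sample"
check_srtp_props "$sample" || echo "proxy.properties does not match Step 3"
rm -f "$sample"
```

On the Media Broker host, run check_srtp_props against /opt/cafex/FCSDK-X.X.X/media_broker/proxy.properties; a non-zero return means media to the SIP endpoint may still be sent unencrypted.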