Authorization and termination of TLS traffic

Written by Sergiiy
Updated 1 year ago

Flysip provides a UI for setting up TLS traffic processing. To use this feature, the version of OpenSIPS used for the Environment must be >= 3.1.

More basic information about TLS can be found on Wikipedia, for example.

Authorization of incoming TLS calls

To authenticate TLS traffic, assign a TLS certificate with the required TLS method to the selected Network Listener (IP:port) on the Incoming SIP TLS Connections page.

By default, TCP port 5061 and all IP addresses assigned to the Environment accept incoming traffic.

All external TLS communication within the Environment is allowed only from OpenSIPS ports; it is not possible to send an outgoing INVITE over TLS from a b2bua port.

1. Make sure that the IP address of the traffic originator is allowed in the SIP/TLS section of System Management - System Parameters - IP Firewall.

2. Then add the new TLS certificate in System Management - System Parameters - SSL Certificates.

Note: the certificate must be valid; an expired certificate cannot be used to establish a TLS connection.

3. Now set up the added certificate in System Management - System Parameters - Incoming SIP TLS Connections.

4. The changes are applied in about a minute; after that, a test call can be sent through this vendor.

Terminating an outgoing call to a Vendor via TLS

1. Make sure that the IP address of the traffic receiver (Vendor) is allowed in the SIP/TLS section of System Management - System Parameters - IP Firewall.

2. Then add the new TLS certificate in System Management - System Parameters - SSL Certificates.

Note: the certificate must be valid; an expired certificate cannot be used to establish a TLS connection.

3. Optionally, add a CA list containing the root certificate that is chained with the previously added SSL certificate. It is used to perform additional verification of the vendor's SSL certificate against the certificate of a trusted Certificate Authority. CA lists are added in System Management - System Parameters - CA Lists.

4. Now open the Vendors - My Vendors - Vendors page, choose the required Vendor and click the Open Connections button, then either create a new Connection or adjust an existing one.

5. Set Protocol = SIP/TLS, then press Save and Close to return to the list of Connections.

6. Choose SIP TLS Options from the Advanced Preferences of the Connection.

7. Specify the SSL Certificate added in step 2, the CA List if needed, and choose the required TLS Method.

8. The changes are applied in about a minute; after that, a test call can be sent through this vendor.
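
A check to run before uploading the certificate in step 2 of either procedure, and the optional CA list. This is an added example and not part of Flysip or its documentation. It uses the openssl command line to confirm that the certificate parses, has not expired, and chains to the CA list. The function names, return codes and sample certificate names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-upload checks for a PEM certificate and an optional CA list.
# Return codes (chosen for this example): 0 ok, 1 expired or expiring within
# the margin, 2 chain does not verify against the CA list, 3 not a readable cert.
check_tls_cert() {
    cert=$1; ca_list=$2; min_seconds=${3:-0}
    # Reject anything that does not parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3
    # -checkend N exits non-zero if the certificate expires within N seconds;
    # N=0 asks whether it has already expired.
    openssl x509 -in "$cert" -noout -checkend "$min_seconds" >/dev/null 2>&1 || return 1
    # Optional: confirm the certificate chains to a root in the CA list.
    if [ -n "$ca_list" ]; then
        openssl verify -CAfile "$ca_list" "$cert" >/dev/null 2>&1 || return 2
    fi
    return 0
}

# Constructed sample data: a throwaway CA and a leaf certificate valid for
# one day, written to directory $1. All names are hypothetical.
make_sample_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sip.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.pem" >/dev/null 2>&1
}

# Usage: check_tls_cert vendor.pem ca-list.pem 2592000
# (the third argument requires at least 30 days of remaining validity)
```

Passing a non-zero margin as the third argument flags certificates that are still valid today but would expire shortly after being assigned to a listener or Connection.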
