DTLS Certificate

Note: The original implementation of DTLS certificate creation on the UCX was developed to meet the security standards in place at that time: it used a 1024-bit key, and the certificate was generated using the SHA1 algorithm. We later updated the key length to 2048 bits in line with evolving standards. We have now provided the ability to generate the DTLS certificate using the SHA256 algorithm, in line with current security standards.

Installing a DTLS certificate for the First Time

If you wish to use DTLS on the UCX, use this page to generate the DTLS certificate. For example, InfinityOne softphones always use DTLS. DTLS can also be used to support encrypted media for SIP trunks, as long as the far-end device also supports DTLS-SRTP. To ensure that the certificate is generated with the most up-to-date security algorithms for the UCX, perform a Software Update prior to taking the following steps.

To generate a DTLS certificate, perform the following steps:

  1. Open the UCx Web-based Configuration Utility
  2. From the System tab, select Updates and perform a Software Update
  3. From the System tab, select Network
  4. Verify that your UCx server is connected to the Internet and that the DNS server(s) are configured.
  5. From the Security tab, select Certificates
  6. From the left side column, select DTLS Certificate
  7. Press the Generate button to create the certificate
  8. The DTLS certificate is created and automatically installed on your UCx server.

Upgrading from SHA1 based certificate to a SHA256 based certificate

As noted above, in UCX 6.0, E-MetroTel supports the creation of a certificate based on the SHA256 algorithm in order to keep pace with evolving security standards. However, once a certificate has been generated on a system, it remains in its current state unless you manually update the certificate after installing the latest UCX software. To determine whether your DTLS certificate is based on SHA1 or SHA256, perform the following steps:

  1. Open the UCx Web-based Configuration Utility
  2. From the System tab, select Updates and perform a Software Update
  3. From the System tab, select Network
  4. Verify that your UCx server is connected to the Internet and that the DNS server(s) are configured.
  5. From the Security tab, select Certificates
  6. From the left side column, select DTLS Certificate. If the DTLS Certificate page has a Generate button and states that a DTLS certificate is installed, then the certificate is based on older security standards and can be updated.
  7. Press the Generate button to update the DTLS certificate.
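
The SHA1 versus SHA256 distinction above can also be confirmed from the certificate itself. The following is an added example, not part of the original page or of E-MetroTel's software. It assumes the UCX's DTLS certificate is RSA and is already available as a PEM file (how to obtain it is not covered here). The function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): classify a certificate as the older
# SHA1 generation or the SHA256 / 2048-bit generation described on this page.
# Assumption: the certificate is RSA and is available as a PEM file.

# Reads `openssl x509 -noout -text` output on stdin and prints a verdict.
classify_cert_text() {
    text=$(cat)
    # First "Signature Algorithm:" line, e.g. sha1WithRSAEncryption.
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    # Key size from "Public-Key: (2048 bit)"; older OpenSSL prints "RSA Public-Key:".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$sig" ] || [ -z "$bits" ]; then
        echo "unknown: could not parse certificate text"
        return 0
    fi
    case "$sig" in
        sha1WithRSAEncryption)
            verdict=legacy ;;
        sha256WithRSAEncryption)
            # A SHA256 signature over a key shorter than 2048 bits still has the old key length.
            if [ "$bits" -ge 2048 ]; then verdict=current; else verdict=legacy; fi ;;
        *)
            verdict=unknown ;;
    esac
    echo "${verdict}: ${sig}, ${bits}-bit key"
}

# Hypothetical helper: run the check on a PEM file (path supplied by the caller).
classify_cert_file() {
    openssl x509 -in "$1" -noout -text | classify_cert_text
}

# Constructed excerpts of `openssl x509 -noout -text` output (not from a real UCX).
SAMPLE_LEGACY='        Signature Algorithm: sha1WithRSAEncryption
                Public-Key: (1024 bit)'
SAMPLE_CURRENT='        Signature Algorithm: sha256WithRSAEncryption
                Public-Key: (2048 bit)'

printf '%s\n' "$SAMPLE_LEGACY"  | classify_cert_text
printf '%s\n' "$SAMPLE_CURRENT" | classify_cert_text
```

A "legacy" verdict means the certificate should be regenerated with the Generate button after a Software Update, as described in the steps above.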