Uploading Certificate for SIP Trunk Security Profile
Configure SIP trunk for recording encrypted calls
Starting with Cisco Unified Communications Manager 8.0, the RTP forking-based recording interface enables the recording of encrypted calls. Enabling this option requires several configuration tasks. Follow the instructions below to configure the Cisco Unified Communications Manager and the Verba Recording System.
Prerequisite
A certificate is required for the secure SIP connection between the Verba servers and the Call Managers. The certificate must have an exportable private key, and its signature / hash algorithm can't be higher than SHA256 (SHA512 isn't supported by the Call Manager). It doesn't have to be a publicly signed certificate; it can be generated by the local domain CA. There are no specific requirements for the certificate subject or SAN.
The certificate used for the secure SIP connection also has to be added to the certificate store of the Verba Recording Server where the secure SIP connection will terminate. When importing, the private key has to be left exportable.
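A pre-upload check for the hash requirement above, as an added example that is not part of the Verba or Cisco documentation: it reads the certificate's signature algorithm with openssl and flags anything above SHA256. The function names and the file name in the usage comment are assumptions, and the exportable private key requirement is not checked here.

```shell
#!/bin/sh
# Added example (not vendor code). Usage: sh check_cert.sh verba-recorder.cer
# "verba-recorder.cer" is a hypothetical name for the exported certificate.

# Classify a signature algorithm name as openssl prints it
# (e.g. sha256WithRSAEncryption, ecdsa-with-SHA384).
# Prints: ok | too-high | unknown
classify_sig_alg() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        # Above the SHA256 limit stated in the prerequisite.
        *sha384*|*sha512*) echo "too-high" ;;
        # The page states only an upper bound, so lower hashes pass here.
        *sha256*|*sha224*|*sha1*) echo "ok" ;;
        # RSASSA-PSS, EdDSA, SHA-3 and similar: needs a manual look.
        *) echo "unknown" ;;
    esac
}

# Print the certificate's signature algorithm; accepts PEM or DER files.
cert_sig_alg() {
    for form in PEM DER; do
        text=$(openssl x509 -inform "$form" -in "$1" -noout -text 2>/dev/null) || continue
        printf '%s\n' "$text" | awk -F': ' '/Signature Algorithm:/ { print $2; exit }'
        return 0
    done
    return 1
}

# Exit status: 0 = within the limit, 1 = too high or unknown, 2 = unreadable.
check_cert() {
    sig=$(cert_sig_alg "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    verdict=$(classify_sig_alg "$sig")
    case "$verdict" in
        ok)       echo "OK: $sig is within the SHA256 limit"; return 0 ;;
        too-high) echo "REJECT: $sig is above SHA256; reissue with SHA256" >&2; return 1 ;;
        *)        echo "CHECK MANUALLY: unrecognised algorithm '$sig'" >&2; return 1 ;;
    esac
}

if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

Run it against the exported certificate file before starting the upload steps that follow.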
Upload the Recording Server certificate to the CUCM
Step 1 - Log in to the Cisco Unified OS Administration interface.
Step 2 - Select the Security / Certificate Management menu.
Step 3 - Click on the Upload Certificate button.
Step 4 - Select the CallManager-trust certificate.
Step 5 - Enter an optional description.
Step 6 - Click the Upload File button, and select the previously exported certificate.
Step 7 - After a successful upload, the new certificate should appear on the list with a name containing the hostname of the Verba Recording Server.
If you have multiple nodes (publisher+subscribers) in your cluster, you must install the recorder's certificate on each node.