MYVOIPAPP

SIP over TLS

1. Description

By default, most SIP devices use SIP over UDP as their main protocol, but some SIP devices and VoIP systems require SIP over TLS, especially some enterprise unified communication servers.

miniSIPServer V13.1 and later versions support SIP over UDP, TCP and TLS. The network topology can look like the following:

miniSIPServer network topology with SIP over UDP, TCP and TLS

At this time, miniSIPServer can configure local users (SIP phones) and external lines with TLS.

By default, miniSIPServer uses TLSv1.2 and TLSv1.3 at this time. SSLv2, SSLv3, TLSv1 and TLSv1.1 have been discarded. Please make sure that your SIP phones support TLSv1.2 or TLSv1.3.

2. Configuration

By default, no configuration is required. miniSIPServer will automatically create self-signed certificate and key files, and start SIP over TLS.

Start SIP over TLS in miniSIPServer

Of course, you can also direct miniSIPServer to load your own certificate and key files. Both files must be in PEM format. The certificate file must be renamed to 'server.crt' and the private key file must be renamed to 'server.key'. They must be saved in the 'siptlsCert' subdirectory, which can be found in the application data directory.

For example, if you are using the Windows version and the miniSIPServer AppData directory is 'C:\Users\your_name\AppData\Roaming\minisipserver', then you must save your certificate file as 'C:\Users\your_name\AppData\Roaming\minisipserver\siptlsCert\server.crt' and your private key file as 'C:\Users\your_name\AppData\Roaming\minisipserver\siptlsCert\server.key'.

If you are using a Debian/Ubuntu system, your certificate file should be saved as '$HOME/.minisipserver/siptlsCert/server.crt' and your private key file as '$HOME/.minisipserver/siptlsCert/server.key'.

After that, please restart miniSIPServer. If everything is OK, miniSIPServer should display the SIP-TLS port information in its main window.
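
A pre-flight check for the Debian/Ubuntu layout above, added here as an example (it is not part of miniSIPServer or its documentation): it confirms that both files are PEM, that the certificate is unexpired and belongs to the key, then installs them under the names miniSIPServer expects. The function name `install_sip_tls_cert` is hypothetical, the `openssl` command-line tool is assumed to be installed, and the expiry check and mode 600 on the key are added hardening choices.

```shell
#!/bin/sh
# Added example, not miniSIPServer code. Function name is hypothetical.
# Usage: install_sip_tls_cert <cert.pem> <key.pem> [dest_dir]
install_sip_tls_cert() {
    cert=$1; key=$2
    # Default destination is the Debian/Ubuntu path given on this page.
    dest=${3:-"$HOME/.minisipserver/siptlsCert"}

    # Both files must be PEM: look for the PEM armor lines.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "error: $cert is not a PEM certificate" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "error: $key is not a PEM private key" >&2; return 1; }

    # The certificate must parse and must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "error: $cert is unparsable or expired" >&2; return 1; }

    # The key must belong to the certificate: compare the public keys.
    # '-passin pass:' makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "error: key does not match certificate (or is encrypted)" >&2
        return 1
    fi

    # Install under the fixed file names miniSIPServer loads.
    mkdir -p "$dest" || return 1
    cp "$cert" "$dest/server.crt" || return 1
    ( umask 077 && cp "$key" "$dest/server.key" ) || return 1
    # cp keeps the mode of an existing target, so set it explicitly:
    # the private key should be readable by its owner only.
    chmod 600 "$dest/server.key" || return 1
    echo "installed in $dest; restart miniSIPServer to load it"
}

# Example call (file names are placeholders):
#   install_sip_tls_cert ./mycert.pem ./mykey.pem
```
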

3. F.A.Q
Q1: Can I use another TCP port to start TLS?

By default, miniSIPServer uses the standard TCP port 5061 for TLS, but you can change this port to any other you wish, for example 5062. In the miniSIPServer main window, please click the menu "Data / System / SIP", then configure the 'TLS port' item. After that, please remember to restart miniSIPServer to enable the new port. Please refer to the following figure.

TLS port in system configuration

Q2: Can I use my own self-signed certificate files?

Of course you can, but it's not necessary because miniSIPServer automatically creates self-signed certificate files by default.

If you do need to load your own self-signed certificate files, save them in the corresponding directory as described in "2. Configuration" and restart miniSIPServer.

Q3: Please suggest a SIP phone with SIP over TLS

We strongly suggest miniSIPPhone. Please visit its website for more details.

It is quite easy to register miniSIPPhone to miniSIPServer with SIP over TLS. Here is a demo in our lab.

server address: 192.168.3.70
TLS port: 5061
Local user name: 100

Please refer to the following figure for the details of the miniSIPPhone configuration.

SIP over TLS configuration in miniSIPPhone

In "Q1", we changed the TLS port to 5062, which is not the default TLS port, so we must indicate it explicitly in miniSIPPhone:

SIP over TLS with special port configuration in miniSIPPhone