administration.fm
A31003-O1010-M100-17-76A9, 09/09/2010
OpenScape Voice - OpenStage Family, Administration Manual
3-31
Administration
Security
3.4
Security
OpenStage phones support secure speech transmission via SRTP. For enabling secure calls,
a TLS connection to the OpenScape Voice server is required.
If
Use secure calls
is activated , the encryption of outgoing calls is enabled, and the phone is
capable of receiving encrypted calls. When the phone is connected to an OpenScape Voice
system, call security is communicated to the user as follows:
•
An icon in the call view tells the user whether a call is secure or not.
•
If an active call changes from secure to insecure, e. g. after a transfer, a popup window
and an alert tone will notify the user.
If
SIP server certificate validation
resp.
Backup SIP server certificate validation
is activat-
ed, the phone will validate the server certificate sent by the OpenScape Voice server in order
to establish a TLS connection. The server certificate is validated against the root certificate
from the trusted certificate authority (CA), which must be stored on the phone first. For deliver-
ing the root certificate, a DLS (Deployment Software) server is required.
Administration via WBM (up to V2R2)
System > Security
Administration via Local Phone
>
For secure calls, it is required that both endpoints support SRTP. The secure call
indication tells the user that the other endpoint has acknowledged the secure con-
nection.
>
In order to use SRTP, the phone must be configured for NTP (for further information
please see Section 3.5.4, “Date and Time”). The reason is that the key generation
(MIKEY) uses the system time of the particular device as a basis. Thus, encryption
will only work correctly if all devices have the same UTC time.
|
---
Administration
|
---
System
|
---
Security
|---
Server cerfificate
|---
Backup certificate
|
---
Use secure calls