R0106-HP MSR Router Series Voice Configuration Guide(V7)

Configuring SIP to use TLS as the transport protocol
Network requirements
As shown in Figure 39, configure SIP to use TLS as the transport protocol on Router A and Router B, so
phone 1111 can call phone 2222 over TLS.
Figure 39 Network diagram
Configuration procedure
In this example, the CA server runs RSA Keon.
To make sure the certificate on the device is valid, the device system time must be earlier than the
expiration time of the certificate.
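A certificate also has a start of validity (Not Before), so a device clock that has fallen back to a default date fails validation just as an expired certificate does. The following is an added example, not part of the HP guide: it classifies a device clock reading against the validity window, assuming the certificate's Validity block is available in the text layout printed by `openssl x509 -text`; the sample text, function names and 30-day warning margin are constructed for illustration.

```python
import calendar
import re
import ssl

# Constructed sample (not from the guide): the Validity block of a certificate
# in the text layout printed by `openssl x509 -text`.
SAMPLE_CERT_TEXT = """\
        Validity
            Not Before: Mar  1 00:00:00 2024 GMT
            Not After : Mar  1 00:00:00 2025 GMT
        Subject: CN=RouterA
"""


def validity_window(cert_text):
    """Return (not_before, not_after) in epoch seconds from a text dump."""
    fields = dict(re.findall(r"Not (Before|After)\s*:\s*(.+? GMT)", cert_text))
    if set(fields) != {"Before", "After"}:
        raise ValueError("no complete Validity block found")
    return (ssl.cert_time_to_seconds(fields["Before"]),
            ssl.cert_time_to_seconds(fields["After"]))


def check_clock(cert_text, device_time, warn_days=30):
    """Classify a device clock reading (epoch seconds, UTC) against the window."""
    not_before, not_after = validity_window(cert_text)
    if device_time < not_before:
        return "not-yet-valid"   # e.g. clock reset to a default date
    if device_time > not_after:
        return "expired"
    if not_after - device_time <= warn_days * 86400:
        return "expiring-soon"   # still accepted, but renew before it lapses
    return "valid"


if __name__ == "__main__":
    # Constructed clock readings: a reset clock, a normal one, two late ones.
    for stamp in [(2013, 1, 1), (2024, 6, 1), (2025, 2, 15), (2025, 3, 2)]:
        t = calendar.timegm(stamp + (0, 0, 0))
        print("%04d-%02d-%02d" % stamp, check_clock(SAMPLE_CERT_TEXT, t))
```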
1. Configure Router A:
# Configure an IP address for GigabitEthernet 2/1/1.
<RouterA> system-view
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] ip address 192.168.2.1 255.255.255.0
[RouterA-GigabitEthernet2/1/1] quit
# Create a PKI entity named aaa and set its common name to RouterA.
[RouterA] pki entity aaa
[RouterA-pki-entity-aaa] common-name RouterA
[RouterA-pki-entity-aaa] quit
# Create a PKI domain named voice, and specify the name of the trusted CA as voice.
[RouterA] pki domain voice
[RouterA-pki-domain-voice] ca identifier voice
# Configure the URL of the registration server in the form of http://host:port/Issuing Jurisdiction ID,
where Issuing Jurisdiction ID is a hexadecimal string generated on the CA server.
[RouterA-pki-domain-voice] certificate request url http://192.168.2.88:446/bd0683e5a369eb4edbb4ef502eaca6ec42d24e97
# Specify the CA for accepting certificate requests.
[RouterA-pki-domain-voice] certificate request from ca
# Specify the PKI entity name as aaa.
[RouterA-pki-domain-voice] certificate request entity aaa
[RouterA-pki-domain-voice] quit
# Generate a local RSA key pair.
[RouterA] public-key local create rsa