In order to setup a SIP TLS connection in scenarios where the server requests a client certificate, the base must be configured with a pre-loaded TLS client certificate and key.

How to load the client certificate:

Step 1:

After clicking on Security, click on the "Choose Files" button under "Import SIP Client Certificate Key Pair"

Step 2:

Select both key and certificate

Step 3:

Click on the Load button

Step 4:

Your certificate should be listed into the certificate list

Certificate format:

The certificate must be provided as a DER encoded binary X.509 (.cer) file, and the key must be provided as an unencrypted PKCS#8 binary file.

If you need to convert a certificate in DER format you can use the OpenSSL command:

openssl x509 -in certificate.crt -outform DER -out certificate-DER.cer


If you need to convert the private key into the unencrypted PKCS#8 format you can use the OpenSSL command:


openssl pkcs8 -topk8 -inform PEM -in certificate-key.key -outform DER -out certificate-key-DER-PKCS8.key -nocrypt