In order to setup a SIP TLS connection in scenarios where the server requests a client certificate, the base must be configured with a pre-loaded TLS client certificate and key.


How to load the client certificate:


Step 1:

After clicking on Security, click on the "Choose Files" button under "Import SIP Client Certificate Key Pair"


Step 2:

Select both key and certificate


Step 3:

Click on the Load button


Step 4:

Your certificate should be listed into the certificate list

Certificate format:

The certificate must be provided as a DER encoded binary X.509 (.cer) file, and the key must be provided as an unencrypted PKCS#8 binary file.


If you need to convert a certificate in DER format you can use the OpenSSL command:


openssl x509 -in certificate.crt -outform DER -out certificate-DER.cer

 

If you need to convert the private key into the unencrypted PKCS#8 format you can use the OpenSSL command:

 

openssl pkcs8 -topk8 -inform PEM -in certificate-key.key -outform DER -out certificate-key-DER-PKCS8.key -nocrypt