In order to setup a SIP TLS connection in scenarios where the server requests a client certificate, the base must be configured with a pre-loaded TLS client certificate and key.
How to load the client certificate:
After clicking on Security, click on the "Choose Files" button under "Import SIP Client Certificate Key Pair"
Select both key and certificate
Click on the Load button
Your certificate should be listed into the certificate list
The certificate must be provided as a DER encoded binary X.509 (.cer) file, and the key must be provided as an unencrypted PKCS#8 binary file.
If you need to convert a certificate in DER format you can use the OpenSSL command:
openssl x509 -in certificate.crt -outform DER -out certificate-DER.cer
If you need to convert the private key into the unencrypted PKCS#8 format you can use the OpenSSL command:
openssl pkcs8 -topk8 -inform PEM -in certificate-key.key -outform DER -out certificate-key-DER-PKCS8.key -nocrypt