(3.11+) Installing with SSL/TLS
The IVG setup wizard lets you enable or disable Secure Sockets Layer (SSL) and Transport Layer Security (TLS). SSL/TLS can also be enabled or disabled post-installation with the tls-setup parameter of the ./ivginstaller script.
We recommend installing IVG with TLS disabled in order to verify that call processing functions as required. The tls-setup parameter can then be used to enable SSL/TLS.
To enable or disable SSL/TLS post-installation, use the IVG setup wizard to generate a new install-ivg.cfg file, and then run the ./ivginstaller file with the tls-setup parameter.
Enabling or disabling SSL/TLS
To run the IVG TLS install:
1. Run the IVG setup wizard.
2. Select the Load an existing configuration file radio button and select the installation location of the current install.ivg.cfg file.
3. On the SSL/TLS enablement screen, choose to either enable or disable SSL/TLS.
4. Complete the IVG setup wizard and save the install.ivg.cfg file.
5. Copy the new install.ivg.cfg file to the IVG server where TLS needs to be enabled or disabled.
6. Copy the ./ivginstaller file to the IVG server where TLS needs to be enabled or disabled.
7. Open a Linux shell and run the following command to change the permissions:
   chmod a+x ivginstaller-xxxx
8. Enter the following command to execute the compatibility prerequisite check:
   ./ivginstaller-xxxx tls-setup | tee install_mmddyy.txt
   Where mmddyy is the date TLS was executed. This saves a dated installation log of the TLS setup.
9. Repeat steps 1-8 on each IVG server in the deployment to enable or disable TLS.
Enabling SSL/TLS process
The tls-setup process performs the following activities to enable SSL/TLS:
- Verifies OS compatibility to determine what IP tables and firewalls are needed to open the required ports.
- Opens the following ports in the firewall (for Linux 7.x systems) or opens the following IP tables (for Linux 6.9 systems):
  - siplistenport
  - siplistenport2
  - tlslistenport
  - tlslistenport2
- Updates the following parameters in the voice platform:
  - siptransport - UDP,TCP,TLS
  - siplistenport - 5060
  - siplistenport2 - 5070
  - tlslistenport - 5061
  - tlslistenport2 - 5071
  - srtpsupport - 2
  - sslcipher - HIGH:MD5:AES256-SHA256
  - sslverify - 1
  - ssloptions - no_sslv2,no_sslv3,no_tlsv1,no_tlsv1_1
Note: The voice platform default SSL/TLS parameter values are used unless configured otherwise in the IVG setup wizard.
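Once tls-setup has run, the ssloptions value above can be checked from outside the server. The following is an added example, not part of the IVG installer or its documentation: it maps the ssloptions value to the openssl s_client protocol flags that should now fail on tlslistenport and tlslistenport2 (5061 and 5071 per the list above) and probes each one. It assumes OpenSSL 1.1.0 or later on the checking machine and a listener that completes a handshake without a client certificate; the script and function names are illustrative.

```shell
#!/bin/sh
# Added example (not part of the IVG installer): confirm that the protocol
# versions switched off by ssloptions are refused on the TLS listen ports.
# Assumes OpenSSL 1.1.0+ on the machine running the check.

# Translate an ssloptions value into the s_client flags that must now fail.
# no_sslv2/no_sslv3 are skipped: current OpenSSL builds cannot offer them.
refused_flags() {
    flags=""
    for opt in $(printf '%s' "$1" | tr ',' ' '); do
        case "$opt" in
            no_tlsv1)   flags="$flags -tls1" ;;
            no_tlsv1_1) flags="$flags -tls1_1" ;;
            no_tlsv1_2) flags="$flags -tls1_2" ;;
        esac
    done
    printf '%s' "${flags# }"
}

# Compare a handshake exit status ($1) with the expectation ($2).
verdict() {
    if [ "$1" -eq 0 ]; then got=accept; else got=refuse; fi
    if [ "$got" = "$2" ]; then echo PASS; else echo FAIL; fi
}

# One handshake attempt. SECLEVEL=0 keeps the local OpenSSL security level
# from blocking old protocol versions before the server can answer.
probe() {  # $1=host $2=port $3=protocol flag
    openssl s_client -connect "$1:$2" "$3" -cipher 'DEFAULT:@SECLEVEL=0' \
        </dev/null >/dev/null 2>&1
}

# Usage: sh check_tls.sh <ivg-host> [ssloptions]
if [ "$#" -ge 1 ]; then
    host=$1
    opts=${2:-no_sslv2,no_sslv3,no_tlsv1,no_tlsv1_1}  # value from this page
    for port in 5061 5071; do                          # tlslistenport, tlslistenport2
        for flag in $(refused_flags "$opts"); do
            rc=0; probe "$host" "$port" "$flag" || rc=$?
            echo "$host:$port $flag (expect refuse): $(verdict "$rc" refuse)"
        done
        rc=0; probe "$host" "$port" -tls1_2 || rc=$?
        echo "$host:$port -tls1_2 (expect accept): $(verdict "$rc" accept)"
    done
fi
```

A FAIL on an "expect refuse" line means the listener still negotiated a protocol version that ssloptions was meant to disable; a FAIL on the -tls1_2 line means the port is not completing TLS handshakes at all.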
Disabling SSL/TLS process
The tls-setup process performs the following activities to disable SSL/TLS:
- Verifies OS compatibility to determine what IP tables and firewalls are needed to open the required ports.
- Opens the following ports in the firewall (for Linux 7.x systems) or opens the following IP tables (for Linux 6.9 systems):
  - 5060
  - 5061
- Updates the following parameters in the voice platform:
  - siptransport - UDP
  - siplistenport - 5060
  - siplistenport2 - 5061
  - tlslistenport - 0
  - tlslistenport2 - 0
  - srtpsupport - 0
  - sslcipher - null
  - sslverify - 0
  - ssloptions - null