Vlad_Tsamouridis | 2020-09-22 11:39:33 UTC | #1
Hello! I am trying to enable TLS on an external SIP trunk with the BYOC feature.
According to the documentation (https://help.mypurecloud.com/articles/tls-trunk-transport-protocol-specification/):
The customer endpoints must trust the BYOC Cloud endpoints. Genesys Cloud signs the BYOC Cloud endpoints with X.509 certificates issued by DigiCert, a public Certificate Authority. More specifically, the root certificate authority that signs the BYOC Cloud endpoints is the DigiCert High Assurance EV Root CA. You can download the root public key certificate from DigiCert.
The BYOC Cloud endpoints must also trust the customer endpoints. For the BYOC Cloud endpoints to trust the customer endpoints, one of these public certificate authorities must sign the customer endpoints:
- Amazon Trust Services
- Comodo / Sectigo
- DigiCert / Symantec / QuoVadis / Verisign
- Entrust
- GoDaddy / Starfield
- Network Solutions
- Telia Sonera
- Thawte
I have configured my external SIP server to trust the DigiCert CA. Also, the certificate I have on my external SIP server is from Sectigo; however, when I perform an outbound call from PureCloud to the external SIP trunk, I get the following error:
SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Which makes me think that PureCloud's Voice - AWS edges do not trust my external SIP trunk's CA.
Is there something that I am missing here? I would appreciate your guidance.
Additional notes:
1) The BYOC trunk works fine with TCP or UDP.
2) My external SIP server accepts TLS connections from Softphone clients just fine.
Thanks in advance,
John_Carnell | 2020-09-23 14:30:00 UTC | #2
Hi Vlad,
Thanks for reaching out to us. Unfortunately, this forum is for development-related questions. Your question is really about production configuration. I would recommend you either:
- Open a CARE support case (https://help.mypurecloud.com/articles/contact-genesys-cloud-care/).
- Post to our Genesys Cloud community forum. (https://community.genesys.com/communities/purecloud)
I hope that helps.
Thanks,
John Carnell
Manager, Developer Engagement
system | 2020-10-24 14:30:03 UTC | #3
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 8881