Genesys Cloud - Main

I have configured many carriers for UDP and TCP but never for TLS.  I have read the documentation and I am still not clear as to the certificate.  How does one get a certificate, what information needs to be provided to the certificate provider?  Who installs the certificate?  Where does it get installed?  It is new to me and just looking for some Cliff Notes on how to implement a TLS SIP trunk group.  This is to a carrier for SIP trunking not to a PBX.  Thanks.
#Ask Me Anything (AMA)
#SIP/VolP
#Unsure/Other

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

Hi Martin,

We setup TLS with Twilio Elastic SIP. Think of it like a web site, the server (carrier) end has the certificate and the client (Genesys Cloud) just validates this using a list of well-known CA certificates. It just works once you get the port settings and the protocols setup and have enabled TLS.

The caveat is that communication is encrypted, so more difficult to troubleshoot... We use UDP test trunks to do that.

------------------------------
Sven Schiller
Kognitiv
------------------------------

Original Message:
Sent: 11-09-2021 12:30
From: Martin Bunting
Subject: TLS SIP trunking

I have configured many carriers for UDP and TCP but never for TLS.  I have read the documentation and I am still not clear as to the certificate.  How does one get a certificate, what information needs to be provided to the certificate provider?  Who installs the certificate?  Where does it get installed?  It is new to me and just looking for some Cliff Notes on how to implement a TLS SIP trunk group.  This is to a carrier for SIP trunking not to a PBX.  Thanks.
#Ask Me Anything (AMA)
#SIP/VolP
#Unsure/Other

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

So for the certificate, this is something the carrier is responsible for?   We need to provide the Carrier with the URI and the hostname of the Region the Org is resident in, then as you say we just enable TLS and make sure the ports and protocols are correct?  Hopefully, it is that simple.  Thanks.

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

Original Message:
Sent: 11-10-2021 09:22
From: Sven Schiller
Subject: TLS SIP trunking

Hi Martin,

We setup TLS with Twilio Elastic SIP. Think of it like a web site, the server (carrier) end has the certificate and the client (Genesys Cloud) just validates this using a list of well-known CA certificates. It just works once you get the port settings and the protocols setup and have enabled TLS.

The caveat is that communication is encrypted, so more difficult to troubleshoot... We use UDP test trunks to do that.

------------------------------
Sven Schiller
Kognitiv

Original Message:
Sent: 11-09-2021 12:30
From: Martin Bunting
Subject: TLS SIP trunking

I have configured many carriers for UDP and TCP but never for TLS.  I have read the documentation and I am still not clear as to the certificate.  How does one get a certificate, what information needs to be provided to the certificate provider?  Who installs the certificate?  Where does it get installed?  It is new to me and just looking for some Cliff Notes on how to implement a TLS SIP trunk group.  This is to a carrier for SIP trunking not to a PBX.  Thanks.
#Ask Me Anything (AMA)
#SIP/VolP
#Unsure/Other

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

Seems like you are looking into using TLS with mutual authentication? This is not something we have setup before. However, from the documentation here it looks like it's all taken care of for you. You can download the CA cert in the admin interface, this is used to prove that the cert you are using is valid.

Note that there's a difference between BYOC premises and BYOC cloud.

------------------------------
Sven Schiller
Kognitiv
------------------------------

Original Message:
Sent: 11-10-2021 13:38
From: Martin Bunting
Subject: TLS SIP trunking

So for the certificate, this is something the carrier is responsible for?   We need to provide the Carrier with the URI and the hostname of the Region the Org is resident in, then as you say we just enable TLS and make sure the ports and protocols are correct?  Hopefully, it is that simple.  Thanks.

------------------------------
Martin Bunting
i3Vision Technologies Inc.

Original Message:
Sent: 11-10-2021 09:22
From: Sven Schiller
Subject: TLS SIP trunking

Hi Martin,

We setup TLS with Twilio Elastic SIP. Think of it like a web site, the server (carrier) end has the certificate and the client (Genesys Cloud) just validates this using a list of well-known CA certificates. It just works once you get the port settings and the protocols setup and have enabled TLS.

The caveat is that communication is encrypted, so more difficult to troubleshoot... We use UDP test trunks to do that.

------------------------------
Sven Schiller
Kognitiv

Original Message:
Sent: 11-09-2021 12:30
From: Martin Bunting
Subject: TLS SIP trunking

I have configured many carriers for UDP and TCP but never for TLS.  I have read the documentation and I am still not clear as to the certificate.  How does one get a certificate, what information needs to be provided to the certificate provider?  Who installs the certificate?  Where does it get installed?  It is new to me and just looking for some Cliff Notes on how to implement a TLS SIP trunk group.  This is to a carrier for SIP trunking not to a PBX.  Thanks.
#Ask Me Anything (AMA)
#SIP/VolP
#Unsure/Other

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

Carrier should give you the certificate. you must import it into the Cloud if necessary

------------------------------
Rodrigo Hernandez
------------------------------

Original Message:
Sent: 11-10-2021 13:38
From: Martin Bunting
Subject: TLS SIP trunking

So for the certificate, this is something the carrier is responsible for?   We need to provide the Carrier with the URI and the hostname of the Region the Org is resident in, then as you say we just enable TLS and make sure the ports and protocols are correct?  Hopefully, it is that simple.  Thanks.

------------------------------
Martin Bunting
i3Vision Technologies Inc.

Original Message:
Sent: 11-10-2021 09:22
From: Sven Schiller
Subject: TLS SIP trunking

Hi Martin,

We setup TLS with Twilio Elastic SIP. Think of it like a web site, the server (carrier) end has the certificate and the client (Genesys Cloud) just validates this using a list of well-known CA certificates. It just works once you get the port settings and the protocols setup and have enabled TLS.

The caveat is that communication is encrypted, so more difficult to troubleshoot... We use UDP test trunks to do that.

------------------------------
Sven Schiller
Kognitiv

Original Message:
Sent: 11-09-2021 12:30
From: Martin Bunting
Subject: TLS SIP trunking

I have configured many carriers for UDP and TCP but never for TLS.  I have read the documentation and I am still not clear as to the certificate.  How does one get a certificate, what information needs to be provided to the certificate provider?  Who installs the certificate?  Where does it get installed?  It is new to me and just looking for some Cliff Notes on how to implement a TLS SIP trunk group.  This is to a carrier for SIP trunking not to a PBX.  Thanks.
#Ask Me Anything (AMA)
#SIP/VolP
#Unsure/Other

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

Thanks, Rodrigo.

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------

Original Message:
Sent: 11-15-2021 09:05
From: Rodrigo Hernandez
Subject: TLS SIP trunking

Carrier should give you the certificate. you must import it into the Cloud if necessary

------------------------------
Rodrigo Hernandez

Original Message:
Sent: 11-10-2021 13:38
From: Martin Bunting
Subject: TLS SIP trunking

So for the certificate, this is something the carrier is responsible for?   We need to provide the Carrier with the URI and the hostname of the Region the Org is resident in, then as you say we just enable TLS and make sure the ports and protocols are correct?  Hopefully, it is that simple.  Thanks.

------------------------------
Martin Bunting
i3Vision Technologies Inc.

Original Message:
Sent: 11-10-2021 09:22
From: Sven Schiller
Subject: TLS SIP trunking

Hi Martin,

We setup TLS with Twilio Elastic SIP. Think of it like a web site, the server (carrier) end has the certificate and the client (Genesys Cloud) just validates this using a list of well-known CA certificates. It just works once you get the port settings and the protocols setup and have enabled TLS.

The caveat is that communication is encrypted, so more difficult to troubleshoot... We use UDP test trunks to do that.

------------------------------
Sven Schiller
Kognitiv

Original Message:
Sent: 11-09-2021 12:30
From: Martin Bunting
Subject: TLS SIP trunking

I have configured many carriers for UDP and TCP but never for TLS.  I have read the documentation and I am still not clear as to the certificate.  How does one get a certificate, what information needs to be provided to the certificate provider?  Who installs the certificate?  Where does it get installed?  It is new to me and just looking for some Cliff Notes on how to implement a TLS SIP trunk group.  This is to a carrier for SIP trunking not to a PBX.  Thanks.
#Ask Me Anything (AMA)
#SIP/VolP
#Unsure/Other

------------------------------
Martin Bunting
i3Vision Technologies Inc.
------------------------------