How to: Set Up a Certificate for Secure SIP Peer Communication

  • Article

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

To set up secure communication with SIP peers, you can configure Speech Server to use a valid security certificate for Mutual Transport Layer Security (TLS) connections. The certificate is used to perform authentication when SIP peer requests are received. When you specify a valid certificate for the computer running Speech Server, all SIP peers configured to use Mutual TLS use the certificate to authenticate the computer before sending a request.

Certificates must meet the following requirements:

  • Uses the X.509 standard.
  • The intended purpose includes server authentication.
  • The certificate name is the fully qualified domain name (FQDN) of the computer running Speech Server.
  • The date time stamps make the certificate currently valid.
  • Verifies the certificate chain.

For more information about certificates and how to obtain them, see Certificates at Microsoft Windows Server TechCenter.

Note

You must restart the Speech Server service to complete certificate setup.

Setting Up a Security Certificate

To set up a security certificate

  1. Open the Speech Server Administrator console.

    For more information, see How to: Start the Speech Server Administrator Console.

  2. In the console tree, expand the applicable group, and then click Servers.

  3. In the details pane, double-click the applicable server.

  4. Under SIP Peer Communication, click Select Certificate.

  5. In the Select Certificate box, select a certificate to use for authenticating the computer running Speech Server, and then click OK.

  6. Click OK and if the Speech Server service is running, click OK again to confirm the message to restart the service.

  7. To restart the service, right-click the applicable server in the details pane, and then click Restart.

    Note

    You can also set up Mutual TLS through Windows Management Instrumentation (WMI) scripts. For more information, see the TLSCertSerialNumber property in MSS Class.