Configuring Security Features2612. Click Browse to locate the certificate (*.pem or *.cer) from your local endpoint.3. Click Upload to upload the certificate.Secure Real-Time Transport ProtocolDuring a confidential call, you can configure Secure Real-Time Transport Protocol (SRTP) toencrypt RTP streams to avoid interception and eavesdropping. Both RTP and RTCP signalingmay be encrypted using an AES algorithm as described in RFC3711. Encryption modifies thedata in the RTP streams so that, if the data is captured or intercepted, it cannot beunderstood—it sounds like noise. Only the receiver knows the key to restore the data. To useSRTP encryption for SIP calls, the participants in the call must enable SRTP simultaneously. Whenthis feature is enabled on both endpoints, the encryption algorithm utilized for the session isnegotiated between the endpoints. This negotiation process is compliant with RFC 4568.When a site places a call on the SRTP enabled endpoint, the endpoint sends an INVITE messagewith the RTP encryption algorithm to the destination endpoint.The following is an example of the RTP encryption algorithm carried in the SDP of the INVITEmessage:m=audio 11780 RTP/SAVP 0 8 18 9 101a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:NzFlNTUwZDk2OGVlOTc3YzNkYTkwZWVkMTM1YWFja=crypto:2 AES_CM_128_HMAC_SHA1_32inline:NzkyM2FjNzQ2ZDgxYjg0MzQwMGVmMGUxMzdmNWFma=crypto:3 F8_128_HMAC_SHA1_80 inline:NDliMWIzZGE1ZTAwZjA5ZGFhNjQ5YmEANTMzYzA0a=rtpmap:0 PCMU/8000a=rtpmap:8 PCMA/8000a=rtpmap:18 G729/8000a=fmtp:18 annexb=noa=rtpmap:9 G722/8000a=fmtp:101 0-15a=rtpmap:101 telephone-event/8000a=ptime:20
