The procedure for adding trusted certificates to Blueworx Voice Response is described here in detail.
For every SIP entity you want to trust, you must either add the Certificate Authority (CA) certificate that signed the entity’s certificate or, if the entity has a self-signed certificate, its self-signed certificate. These entities might be proxies, registrars, or other SIP entities. How you find their certificates depends on the software used.
If you intend to create a Blueworx Voice Response server certificate that is signed by a CA, you also need to add that CA’s certificate. This requirement does not apply if you are using a self-signed certificate. Setting up the Blueworx Voice Response server certificate is explained in Configure the Blueworx Voice Response server certificate.
If the certificate that you want to add is in a certificate chain, you must also add all the certificates that are above it in the chain. You must add the certificates in strictly descending order, starting from the root, followed by the CA certificate immediately below it in the chain, and so on. Certificate chains are explained in How certificate chains work.
Run the following command to add a CA certificate or the public part of a self-signed certificate to the key repository:
wvrcert -cert -add -db $SYS_DIR/voip/keyring.db -stashed -label label -file filename -format ascii
where:
To list the certificates currently in the database, run the following command:
wvrcert -cert -list -db keyring.db -stashed
Output similar to the following is generated:
Certificates found * default, - personal, ! trusted ! Trusted_CA - wvr_server_certificate
Trusted certificates are labeled with an exclamation mark. Personal certificates, which are labeled with a dash, are explained in the next topic, Configure the Blueworx Voice Response server certificate.