Trust Store

By default, for SSL/TLS encrypted TCP connections, SIP trunking services use one of the two outgoing SSL profiles to control the validation behavior of MBG with respect to the trunk provider's end of the connection. For SIP trunking services over TLS, trunk providers have the choice of using a certificate, that might not come from a known and trusted Certificate Authority. This setting can be controlled in the SIP Trunking form under Outgoing TLS trust profile, which is visible only when the trunk's Transport protocol is set to TLS.

This Trust Store interface allows the administrator to upload a certificate list file in PEM format containing one or more certificates required for MBG to provide a full trust chain to the other end of the TLS connection. When uploaded, an SSL profile by the name provided is created, which can be selected under the Outgoing TLS trust profile drop-down menu in the SIP trunking form. This will be named Outgoing trust profile for 'name', where 'name' is the name provided by the Administrator when uploading the certificate chain in the Trust Store interface.

Note: The certificate chain provided must contain a full chain to the root of the CA, unless the root CA certificate is already a well-known CA certificate in MBG's CA bundle. There is no harm in uploading a duplicate root CA certificate however, as MBG will filter duplicates.

Uploading a certificate chain

To upload a new certificate chain:

Click on the + icon.
Enter name of the chain, and browse to upload the local file. In the certificate list table, you can view, download or delete a certificate chain after it is uploaded. You cannot modify, you must delete and re-upload the chain.
Uploaded certificate chains are shared in an MBG cluster, as is the trunk configuration to use them.