Tutorials: TLS Setup

You will need to reach out to Voxtelesys and schedule a time to move your trunk to TLS/SRTP, this feature will be coming to the Voxtelesys Portal soon, but for now it requires a ticket with support@voxtelesys.com.

It is recommended to open the ticket through the Voxtelesys Portal.

Open your Voxtelesys SIP trunk and ensure that your Registrar/Server/Gateway Hostname or IP is set to: 3cx.pstn.voxtelesys.net

If you have a unique domain name like xxxxxx-xxxx.sip.voxtelesys.net then reach out to support and request a new registration domain.

Make sure that "Auto Discovery" next to the registrar is enabled, TLS registration will fail without auto discovery enabled.

Open your Voxtelesys SIP trunk and go to the Options tab and change the following settings:

• SRTP Mode = Enabled
• Transport Protocol = TLS

Before saving the trunk settings we will need to upload the root certificate for the domain.

Go to https://letsencrypt.org/certificates/ and download the Active "PEM" certificate.

Go back to the 3CX and upload the certificate under options > Transport Protocol = TLS > Click "Upload"

You should now see an expiration date.

Save the Trunk settings

Let Voxtelesys support know that the TLS/SRTP is in place on the 3CX trunk and support will verify the correct settings are enabled on your trunks!

Take note!

• TLS trunk registration issues have been noted on Azure-hosted 3CX systems.

• Incompatibility issues have been observed with custom FQDN's (non-3CX provided domains). Contact Voxtelesys Support for more information and a possible work-around.