How to Set Up a TLS Connection between DINSTAR SBC and Zoom Phone System


    When migrating to the Zoom Phone solution, you may need a hybrid setup that connects to both Zoom and your current PSTN / SIP trunk service providers. With DINSTAR SBCs (Session Border Controllers), you can use all the benefits and features of Zoom Phone while keeping your existing service provider contracts, phone numbers, and calling rates with your preferred carrier.
    How do you set up a secure TLS connection between a DINSTAR SBC and the Zoom Phone System? The necessary steps are described below.
    1. Prerequisites
    a. To make TLS work on the public side of the network, a trusted CA (Certificate Authority) is required.
    The example described in this section is based on the GoDaddy Certificate Chain as the Certificate Authority (CA). After you generate a Certificate Signing Request (CSR) and obtain the certificate from a supported Certificate Authority (CA), you will receive 3 files.
    b. Public root certificates trusted by Zoom
    Currently, Zoom Data Centers (DC) use DigiCert public CA certificates. Therefore, to establish a TLS connection with the Zoom Phone infrastructure, download the following public CA certificates and install them as trusted roots.

    https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem

    https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem

    https://cacerts.digicert.com/DigiCertGlobalRootG3.crt.pem

    The example described in this section downloads DigiCertGlobalRootCA.crt.pem.
    c. Merge the CA files
    Open the files ‘star_DINSTAR_com.crt’, ‘DigiCertCA.crt’ and ‘DigiCertGlobalRootCA.crt.pem’ one by one in Notepad.
    Create a new txt file in Notepad.

    Copy the contents of ‘star_DINSTAR_com.crt’, ‘DigiCertCA.crt’ and ‘DigiCertGlobalRootCA.crt.pem’ into the new txt file.

    Note: the contents must be written in that sequence.

    Save the file and rename it to ‘CRT_merge.crt’.
    2. Install the SBC Certificates
    After creating all the certificate files as above, install the SBC Certificate and Root/Intermediate Certificates as follows:
    Open the page System>Certificate and click Add.

    Upload the SBC Certificates and submit.

    CRT File: upload the file ‘CRT_merge.crt’

    KEY File: upload the file ‘_.DINSTAR.com.key’

    CA File: upload the file ‘DigiCertCA.crt’

    3. Configure the SIP Trunk with Zoom
    a. Set the network interface of the SBC.

    In this scenario, the GE0 interface of the SBC uses a public IP address and connects to the Zoom IP address. Open the page System>Network and set the IP address information.

    b. Create the trunk with Zoom.
    In this scenario, the SBC establishes a SIP trunk with Zoom and uses the CA certificates. Open the page Service>Core SIP Trunk, click ‘Add’, and create a new trunk.

    Interface and Media Interface: choose ‘GE0’, which was configured above. The SBC will use GE0 to communicate with Zoom.

    Transport: choose ‘TLS’

    TLS Bidirectional Verification: must be enabled.

    PEM File: choose ‘Zoom_TLS/crt_crt_merge.crt’

    KEY File: choose ‘Zoom_TLS/key__.DINSTAR.com.key’

    CA File: choose ‘Zoom_TLS/root_digicertca.crt’

    Remote IP: Port: enter the Zoom trunk information, for example 113.88.13.11:5060

    4. Check the Trunk Status
    Check the status of the trunk: disable and then enable the trunk.
    Open the page Overview>Core Trunk Status and click the trunk status.