For all codec models, you can upload your own PKCS #12 certificate bundle to use for SIP TLS encryption. The bundle must contain a root certificate, a device, or client certificate, and a private key. When uploading a PKCS #12 certificate bundle, the web interface requests you to enter the password that you used for package encryption. After uploading the certificate bundle, the web interface displays only the root and client certificates with the details on the certificate authority (CA) and recipient.
You can encrypt the root, client certificates and private key with RSA encryption up to 4096 bits. The private key can be in PKCS #1 or PKCS #8 X509 format. Elliptic Curve and Ed25519/Ed448 encryption methods are not supported.
On the TLS Authentication page, you can also view the issuer for the uploaded certificates, the organization it was issued to, and the certificate type. You can delete an expired or unused certificate and view additional details for each file, including the start and end time of the validity period.
If a certificate expires in 60 days or earlier, you can see a corresponding notification on the GUI menu, after logging in to the web interface, and when going to on the Settings menu.
