articles/communications-gateway/prepare-for-live-traffic.md
5 additions & 2 deletions
@@ -5,7 +5,7 @@ author: rcdun
5
5
ms.author: rdunstan
6
6
ms.service: communications-gateway
7
7
ms.topic: how-to
8
-
ms.date: 05/11/2023
8
+
ms.date: 07/18/2023
9
9
---
10
10
11
11
# Prepare for live traffic with Azure Communications Gateway
@@ -37,10 +37,13 @@ In some parts of this article, the steps you must take depend on whether your de
37
37
38
38
## 1. Connect Azure Communications Gateway to your networks
39
39
40
+
1. Exchange TLS certificate information with your onboarding team.
41
+
1. Azure Communications Gateway is preconfigured to support the DigiCert Global Root G2 certificate and the Baltimore CyberTrust Root certificate as root certificate authority (CA) certificates. If the certificate that your network presents to Azure Communications Gateway uses a different root CA certificate, provide your onboarding team with this root CA certificate.
42
+
1. The root CA certificate for Azure Communications Gateway's certificate is the DigiCert Global Root G2 certificate. If your network doesn't have this root certificate, download it from https://www.digicert.com/kb/digicert-root-certificates.htm and install it in your network.
40
43
1. Configure your infrastructure to meet the call routing requirements described in [Reliability in Azure Communications Gateway](reliability-communications-gateway.md).
41
44
1. Configure your network devices to send and receive SIP traffic from Azure Communications Gateway. You might need to configure SBCs, softswitches and access control lists (ACLs). To find the hostnames to use for SIP traffic:
42
45
1. Go to the **Overview** page for your Azure Communications Gateway resource.
43
-
1. In each **Service Location** section, find the **Hostname** field.
46
+
1. In each **Service Location** section, find the **Hostname** field. You need to validate TLS connections against this hostname to ensure secure connections.
44
47
1. If your Azure Communications Gateway includes integrated MCP, configure the connection to MCP:
45
48
1. Go to the **Overview** page for your Azure Communications Gateway resource.
46
49
1. In each **Service Location** section, find the **MCP hostname** field.
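Review bot: The sentence appended to the **Hostname** step ("You need to validate TLS connections against this hostname to ensure secure connections.") puts a security requirement inside a step about locating a field and does not say what the validation consists of. Suggest making it a separate step that states the check explicitly: the network device must confirm that the certificate Azure Communications Gateway presents matches this hostname and chains to the DigiCert Global Root G2 certificate named in the new certificate step. The **MCP hostname** step that follows is unchanged, so if the same hostname validation applies to the MCP connection, say so there as well. In the sub-step that tells readers to download the root certificate, consider adding that they confirm the certificate's fingerprint against the value DigiCert publishes before installing it as a trust anchor.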
articles/communications-gateway/security.md
16 additions & 5 deletions
@@ -5,7 +5,7 @@ author: rcdun
5
5
ms.author: rdunstan
6
6
ms.service: communications-gateway
7
7
ms.topic: conceptual
8
-
ms.date: 02/09/2023
8
+
ms.date: 07/18/2023
9
9
ms.custom: template-concept
10
10
---
11
11
@@ -26,15 +26,26 @@ Azure Communications Gateway stores all data at rest securely, including any cus
26
26
27
27
## Encryption in transit
28
28
29
-
All traffic handled by Azure Communications Gateway is encrypted. This encryption is used between Azure Communications Gateway components and towards Microsoft Teams.
29
+
All traffic handled by Azure Communications Gateway is encrypted. This encryption is used between Azure Communications Gateway components and towards Microsoft Phone System.
30
+
30
31
* SIP and HTTP traffic is encrypted using TLS.
31
32
* Media traffic is encrypted using SRTP.
32
33
33
34
When encrypting traffic to send to your network, Azure Communications Gateway prefers TLSv1.3. It falls back to TLSv1.2 if necessary.
34
35
36
+
### TLS certificates for SIP
37
+
38
+
Azure Communications Gateway uses mutual TLS for SIP, meaning that both the client and the server for the connection verify each other.
39
+
40
+
You must manage the certificates that your network presents to Azure Communications Gateway. By default, Azure Communications Gateway supports the DigiCert Global Root G2 certificate and the Baltimore CyberTrust Root certificate as root certificate authority (CA) certificates. If the certificate that your network presents to Azure Communications Gateway uses a different root CA certificate, you must provide this certificate to your onboarding team when you [prepare for live traffic](prepare-for-live-traffic.md#1-connect-azure-communications-gateway-to-your-networks).
41
+
42
+
We manage the certificate that Azure Communications Gateway uses to connect to your network and Microsoft Phone System. Azure Communications Gateway's certificate uses the DigiCert Global Root G2 certificate as the root CA certificate. If your network doesn't already support this certificate as a root CA certificate, you must download and install this certificate when you [prepare for live traffic](prepare-for-live-traffic.md#1-connect-azure-communications-gateway-to-your-networks).
43
+
44
+
### Cipher suites for SIP and RTP
45
+
35
46
The following cipher suites are used for encrypting SIP and RTP.
36
47
37
-
### Ciphers used with TLSv1.2
48
+
####Ciphers used with TLSv1.2
38
49
39
50
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
40
51
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
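Review bot: The demoted heading "####Ciphers used with TLSv1.2" has no space after the hash marks, so it will not render as a heading in CommonMark-style renderers; it should read "#### Ciphers used with TLSv1.2". In the new "TLS certificates for SIP" section, the text says both ends verify each other but only covers which root CA each side trusts; the hostname check that this commit adds to prepare-for-live-traffic.md is not mentioned here, so a one-sentence statement that the customer network must also validate the hostname would keep the two articles consistent. The new heading "Cipher suites for SIP and RTP" also sits just below a bullet that says media is encrypted using SRTP, so consider using the same term in both places.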
@@ -45,12 +56,12 @@ The following cipher suites are used for encrypting SIP and RTP.