The VoIP Traversal feature needs at least three certificates to function:
- A locally available CA certificate is needed on both the server and the remote clients.
- A VoIP Traversal Server certificate is needed on the server.
- A VoIP Traversal Client certificate is needed on each client. You can use the same client certificate on each client, or a unique client certificate for each client.
Typically, you generate a CA certificate and a server certificate that is signed by that CA certificate. Then you would generate one or more client certificates signed by the same CA certificate. Once these certificates are created on the server, you can download the CA certificate, the client certificates and key, and upload them on each client (the CA key does not need to be transferred to the client). Once this is done, go to the VoIP Traversal page to select the certificates to use for VoIP Traversal.
If you delete a VoIP Traversal CA or Server certificate, no VoIP Traversal clients using certificates signed by that CA certificate can connect to the server again. You must generate a new CA, Server and Client certificate and install these certificates on the clients to be able to establish the tunnels again.
Refer to Configuring VoIP Settings for more information.