Decrypting OCS 2007 and OCS 2007 R2 SIP Traffic Over TLS
In a recent Voice Ignite training course (taught by Richard Luckett and Chris Olsen) I was tasked with decrypting SIP signaling messages over TLS. Troubleshooting SIP over TLS is essential in diagnosing OCS 2007 and OCS 2007 R2 voice-related problems. After some research and troubleshooting, the process turned out to be fairly simple. It assumes you have access to the private keys of all servers involved.
1. Export the certificate with its private key as described in http://support.microsoft.com/kb/q232136/
2. Convert the default export format (PFX) to a format compatible with Wireshark (PEM). The syntax is taken from the Citrix support article below:
http://support.citrix.com/article/CTX106028
openssl pkcs12 -in C:\software\meds_cert.pfx -out C:\software\med.pem -nodes
3. View SIP details and apply the certificate in Wireshark.
Edit –> Preferences –> Protocols –> SIP
Display Raw Text for SIP:

Edit SSL Properties:
The RSA Keys list value includes the source server, port, protocol, and decryption file (output file from step 2). In the example above I have multiple entries separated by semicolons to decrypt packets from multiple servers. In this scenario I include entries for the front end server and mediation server.
4. Review newly available SIP information.
Before applying step 3:
Packet overview:
And packet 2207 contents:
After applying step 2:
Now we see the SIP protocol identified as well as readable packet information (a phone call placed to 911).
Happy troubleshooting!
Luke
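A pre-flight check for step 3, as an added example that is not part of the original post: it confirms that each PEM from step 2 holds an unencrypted private key and assembles the RSA keys list value in the server,port,protocol,keyfile form described above. The IP addresses, port 5061, the protocol name sip and the file name fe.pem are assumptions, and the PEM bodies are constructed placeholders.

```python
import ipaddress
import re

# Armor line openssl writes at the start of each object in a PEM file.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed sample data: placeholder bodies, not real key material.
GOOD_PEM = ("Bag Attributes\n-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
            "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n")
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"

def pem_key_status(pem_text):
    """Classify the private key in a PEM export: 'clear', 'encrypted' or 'missing'."""
    labels = PEM_BEGIN.findall(pem_text)
    if "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in pem_text:
        return "encrypted"   # the conversion was run without -nodes
    if any(label in ("PRIVATE KEY", "RSA PRIVATE KEY") for label in labels):
        return "clear"
    return "missing"         # certificate only: the PFX was exported without its key

def rsa_keys_list(entries, pem_texts):
    """Build the semicolon-separated 'server,port,protocol,keyfile' value.

    entries:   list of (server_ip, port, protocol, keyfile) tuples
    pem_texts: dict mapping keyfile -> file contents, checked before use
    """
    parts = []
    for ip, port, proto, keyfile in entries:
        ipaddress.ip_address(ip)                  # raises ValueError if malformed
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port for {ip}: {port}")
        status = pem_key_status(pem_texts[keyfile])
        if status != "clear":
            raise ValueError(f"{keyfile}: private key is {status}")
        parts.append(f"{ip},{port},{proto},{keyfile}")
    return ";".join(parts)

# Assumed entries: front end server and mediation server (addresses are constructed).
ENTRIES = [("192.0.2.10", 5061, "sip", r"C:\software\fe.pem"),
           ("192.0.2.20", 5061, "sip", r"C:\software\med.pem")]

if __name__ == "__main__":
    files = {r"C:\software\fe.pem": GOOD_PEM, r"C:\software\med.pem": GOOD_PEM}
    print(rsa_keys_list(ENTRIES, files))
```

The PEM written with -nodes stores the private key unencrypted, so keep it on the analysis workstation only and delete it once the capture has been reviewed.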
Luke,
Enjoyed having you in class. Keep up the awesome work!
Rich Luckett
Nice!
Any particular version of Wireshark to make this happen?
Any Wireshark tweaks outside of what you outline here?