You will need to follow these steps if you are trying to configure Wireshark (or a similar packet capture appliance) to decode encrypted SIP messages using TLS. Sansay Support will install the certificates on your VSXi(s) and provide you with:

• An encrypted certificate containing the certificate and private key. This file is provided in .p12 format.
• A passphrase.
• Your system must be running VSXi-9.5.3.89 or later.

Configuration

Complete the following steps to decrypt SSL and TLS traffic using the Wireshark network protocol analyzer:

1. From the menu, go to Edit > Preferences. 
2. Expand Protocols in the Preferences window.
3. Scroll down and select SSL. 
4. Edit RSA keys list and add the following information:
   1. IP address: is the IP Address of the TLS Service Port
   2. Port: The TLS Port number on the Service Port, usually 5061 SIP/TLS.
   3. Protocol: sip
   4. Key FIle: is the location and file name of the .p12 provided by Sansay.
   5. Password: password generated by Sansay (or you) when the certificates were exported to .p12 format.
   6. Click Apply and OK to finish adding RSA keys list. Repeat this step per VSXi TLS Service Port.

    

5. Re-enter password in Pre-Shared Key field in SSL dialog.

The provided procedure is specific to Wireshark. Other appliances are also able to import the certificate key and decrypt SIP messages in a similar way.