TLS Negotiation

Every VSTG generates its own self-signed certificate with its IP address and uses this certificate for TLS negotiation and encryption. The self-signed certificate for each VSTG needs to be loaded into the PBX certificate store for end-to-end TLS negotiation to succeed.

Both VSTG and the PBX act as a client or server depending on which one initiates a SIP INVITE: