====== SIP Trunk Encryption ======

  * [[cucm-sip-dig|SIP Digest Authentication]] is only an MD5 hash of username, password, SIP URI and other components of the SIP messages.
  * [[cucm-sip-dig|SIP Digest Authentication]] does not provide confidentiality of signaling packets.
  * SIP Trunk Encryption can be used for that.
  * SIP trunk encryption uses TLS for SIP.
  * TLS authentication is based on certificates.
  * CUCM must trust the issuer of the certificate of the peer:
    * Can be self-signed
    * Can be issued by a CA
  * Subject used in the TLS certificate exchange has to be configured.
  * HMAC is used for authentication.
  * SIP trunk encryption protects only signaling.
  * No SRTP support on SIP trunks.

===== Configuration =====

==== SIP Trunk Security Profile ====

  * Set the Device Security Mode to Encrypted
  * Set the X.509v3 certificate subject name used by the peer

==== SIP Trunk ====

  * Apply SIP trunk security profile to the trunk

{{cucm-siptk-enc1.png|}}

==== Peer Certificate ====

  * Add the certificate of the issuer of the certificate of the peer to CUCM
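A pre-flight check for the two certificate steps above, as an added example that is not part of the original page: it reads the subject name to enter in the security profile and confirms which certificate has to be added to CUCM as the issuer. It assumes the configured subject name is the certificate's Common Name; the function names, file names and CNs are constructed for the example, and the sample certificates are generated locally with openssl.

```shell
#!/bin/sh
# Added example: checks on a SIP trunk peer certificate before entering values
# in CUCM. All names and files below are constructed samples.

# Common Name of a certificate: the value assumed here to be the subject name
# configured in the SIP Trunk Security Profile.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# True when the certificate verifies against itself (self-signed peer).
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when issuer.pem (the file to add to CUCM) really signed peer.pem.
issued_by() {   # usage: issued_by issuer.pem peer.pem
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample PKI in directory $1: a throwaway CA, a peer certificate
# it issued, and a self-signed peer certificate.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sip-peer.example.test" \
        -keyout "$1/peer.key" -out "$1/peer.csr" 2>/dev/null
    openssl x509 -req -in "$1/peer.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/peer.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sip-self.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
for c in peer self; do
    echo "$c.pem subject name for the profile: $(cert_cn "$tmp/$c.pem")"
    if is_self_signed "$tmp/$c.pem"; then
        echo "  self-signed: add $c.pem itself as the trusted certificate"
    elif issued_by "$tmp/ca.pem" "$tmp/$c.pem"; then
        echo "  issued by: $(cert_cn "$tmp/ca.pem") (add ca.pem)"
    else
        echo "  issuer not verified: the trunk peer would not be trusted"
    fi
done
```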