V
    VoIP Help Page
    Phones & Devices

    Enable SIP Signalling Over TLS

    The VoIP Help Page Team·3 min read·Last updated: March 14, 2026

    ### Scope

    This document provides a list of overrides that you will need to enable SIP Signalling over TLS

    Requirements

    White label access to the Manager Portal

    Overview

    Our core servers support TLS (Transport Layer Security) which is a form of encrypting communication for SIP Signalling between the hard phone and the core.  TLS is an effective measure to increase the security of SIP Signalling communication between the client and the server.   SIP Signalling may also be configured on the Trunk on your on-premises PBX and not limited to the phone which requires ISRG ROOT X1 CA to work.  Our server will listen on port 5061.

    Currently Supported Models

    Below is a list of phones and their respective supported firmware that we have tested with TLS.  If your phone is not on the list, ensure that the phone's firmware has CA support for ISRG Root X1 certificate.

    ModelMinimum Required Firmware
    T27G69.85.0.22
    T46S, T48S, T42S, T41S66.85.0.22
    T53W, T54W, T53, T57W96.85.0.22
    CP92078.85.0.22
    T46U, T48U,T43U,T42U108.85.0.22
    T58V, T56A58.85.0.22
    VP5991.85.0.22
    CP96073.85.0.22
    SNOM D7X10.1.73 as tested,
    GRP26001.0.5.45 as tested
    Polycom CCXUC 7.2.2 ( Unreleased )
    Polycom VVX(300,310,400,410,500,600,1500)5.9.8 + ( Unreleased )
    Polycom ( VVXxx1 and VVX50 )6.4.2 (Available Now)

    Enable TLS via Manager Portal

    1. 1
      Log in to the Manager Portal
    2. 2
      Navigate to Inventory > Phone Hardware

    3. Click the pencil icon on the right

    NOTE: Do not click the MAC Address as this will open SNAPbuilder

    4. Select the Advanced tab 5. Click the Transport Method to TLS

    6. Alternatively, you can bulk-edit phones and change the Transport Method of the selected phones to TLS 7. Click Save and Resync to apply your changes to the phone

    NOTE: The phone will reboot

    Enable TLS via Domain Overrides

    1. 1

      Log in to the Manager Portal

    2. 2

      Navigate to the domain

    3. 3

      Click Edit Domain

    4. 4

      Click Defaults tab

    5. 5

      Scroll all the way down, Enter the overrides to enable TLS in the Domain Defaults

    Example: To enable TLS for Yealink 6. Click Save

    NOTE: Overrides should be formatted without spaces with the configuration value enclosed in quotation marks.  Phones will have to be rebooted

    Overrides For Enabling SIP Signalling over TLS

    1. 1
      Polycom
    voIpProt.server.1.transport="TLS"
voIpProt.SIP.outboundProxy.transport="TLS"
reg.1.server.1.port="5061"
reg.1.server.2.port="5061"
reg.1.server.1.transport="TLS"
reg.1.server.2.transport="TLS"
reg.1.server.3.transport="TLS"
    1. 1
      Polycom CCX below firmware 7.2.2 and VVX ( 300,310,400,410,500,600,1500 ) firmware below 5.9.8 requires the following override to load the letsencrypt certificate.
    extra_file="ISRGROOTX1_CACERT.xml"
    1. 1
      Yealink
    account.1.sip_server.1.transport_type="2"
    1. 1
      SNOM
    transport=tls,sbc.ucaasnetwork.com
    1. 1
      Grandstream
    P29095="1"
P29195="1"
P29295="1"
P29395="1"
P29495="1"
P29595="1"
P183="3"
P443="3"
P543="3"
P643="3"
P1743="3"
P1843="3"

    Related Articles

    Polycom Overrides

    Phones & Devices

    Configure Custom Overrides for a Domain

    Phones & Devices

    Factory Reset SIP Phones

    Phones & Devices

    Was this article helpful?