TLS Trunk Creation


Overview

Before explaining how to create a TLS trunk, a few important points need to be clarified. These basic definitions are important for understanding TLS trunk creation.

Trunk: In the VoIP and PBX world, a trunk is a connection point where multiple lines come together. It can be thought of as a main line that connects one PBX to another PBX or to a service provider. A trunk allows many calls to be routed through a single connection. 

SIP (Session Initiation Protocol): It is a protocol used to initiate, manage, and terminate voice, video, or messaging sessions over the Internet. 

TLS (Transport Layer Security): A protocol that protects the connection so no one can read the data while it’s being sent. It keeps sensitive information like passwords and financial data safe from third parties. 

TLS Trunk: A secure SIP line used in VoIP systems.

SIP Trunk: A connection between a PBX (phone system) and an operator or another PBX that carries calls and signals.  

PBX (Private Branch Exchange): A system that handles company phones and outside lines, used for both internal and external calls. 

Note: TLS has replaced SSL due to security issues. TLS is the modern, safer version of SSL.

TLS Certificate

A TLS certificate is a digital document that verifies the server’s identity and secures communication by encrypting the data. The connecting client receives this certificate from the server to establish a secure connection. The PBX must have a certificate for encryption. Certificates are issued by a Certificate Authority (CA).


TLS Certificate Configuration

First, create a directory to store the certificates. It will contain the TLS certificate and key files. 

mkdir /root/keys

mkdir: make directory
/root/keys: path of the directory to be created
The command creates a new folder named “keys” inside the /root directory.


TLS Certificate Creation

This command uses Asterisk’s own script to generate a TLS certificate. It creates the certificate and key files needed for the PBX to establish a secure TLS connection.

/usr/src/asterisk-16.30.1/contrib/scripts/ast_tls_cert -C www.tegsoftcloud.com -O "Tegsoft" -d /root/keys -b 2048

All certificate passwords must be “Tegsoft123!”

Parameters:

-C: Server name (Common Name)

-O: Company / Organization name

-d: Directory where the certificates will be saved

-b: Key length (2048 bits)


Renaming the Certificate Files

The generated certificate files are renamed with the following commands so that their names are clear and consistent for the TLS configuration.

mv /root/keys/asterisk.pem /root/keys/tls_certificate.pem
mv /root/keys/asterisk.key /root/keys/tls_certificate.key
mv /root/keys/asterisk.crt /root/keys/tls_certificate.crt

Files:

tls_certificate.pem: TLS certificate package

tls_certificate.key: TLS private key file

tls_certificate.crt: TLS certificate file 
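
A check worth running after the rename and before the files are referenced in the PBX settings, given here as an added example (not part of the original page and not Asterisk's or Tegsoft's code). It confirms that the three files exist, that the files holding the private key are accessible only to their owner, and that the certificate belongs to the key. The function names are hypothetical, the .pem bundle is assumed to contain both the key and the certificate, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: audit the renamed files in /root/keys (paths from the rename step).

# audit_tls_files DIR: returns the number of problems found in DIR.
audit_tls_files() {
    base="$1/tls_certificate"; problems=0
    # All three renamed files must exist and be non-empty.
    for ext in pem key crt; do
        [ -s "$base.$ext" ] || { echo "MISSING: $base.$ext"; problems=$((problems + 1)); }
    done
    [ "$problems" -eq 0 ] || return "$problems"
    # Files that hold the private key must grant nothing to group or other.
    for ext in pem key; do
        case $(ls -ldL "$base.$ext") in
            ????------*) ;;
            *) echo "PERMS: chmod 600 $base.$ext"; problems=$((problems + 1)) ;;
        esac
    done
    # Assumption: the .pem bundle carries both the private key and the certificate.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$base.pem" ||
       ! grep -q -e 'PRIVATE KEY-----' "$base.pem"; then
        echo "BUNDLE: $base.pem lacks a certificate or a private key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# cert_matches_key CRT KEY: succeeds only if the certificate's public key
# is the one derived from the private key (needs the openssl CLI).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Audit the directory used on this page when the script is run with "audit".
if [ "${1:-}" = "audit" ]; then
    audit_tls_files /root/keys || echo "Fix the problems listed above."
    cert_matches_key /root/keys/tls_certificate.crt /root/keys/tls_certificate.key ||
        echo "MISMATCH: certificate was not issued for this private key"
fi
```

A mismatch between the certificate and the key usually means the files were copied or renamed from different runs of the generation script.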


Setup Instructions


1. Go to Infrastructure Management, then Server Settings.

2. Scroll down the page.

3. Find the Network section.

4. Fill in the blanks.