SIP over TLS – Outbound Calls Failing Due to Missing Client Certificate

[lovekesh-garg]

Setup

Inbound SIP over TLS: Works correctly (LiveKit acting as the server)
Outbound SIP over TLS: Fails during the TLS handshake

Our SIP provider reports that LiveKit isn’t presenting a client certificate when establishing outbound TLS connections. As a result, their server rejects the handshake. The same provider successfully accepts inbound TLS connections from LiveKit, so the certificate requirement is only blocking outbound trunks.

It appears that LiveKit doesn’t send a client certificate for outbound TLS sessions.

Question:
Is client-certificate authentication supported for outbound SIP trunks in LiveKit?
Has anyone implemented a workaround for outbound TLS requiring mutual TLS (mTLS)?