Scroll export button | ||||||||
---|---|---|---|---|---|---|---|---|
|
Info |
---|
In case you've decided to use specific SSL certificate or PBX has no access to Wildix certificate-updater service. Created: February 2020 Updated: August 2020 Permalink: https://wildix.atlassian.net/wiki/x/QBDOAQ |
Warning |
---|
Important: in WMS 5.0X Custom certificates are accepted only with signature algorithm not lower than SHA256. |
Table of Contents |
---|
Intro: What is SSL and an SSL Certificate
...
Secured Socket Layer (SSL) is the technology that ensures that make sure data between two machines (in our case – a browser/ phone and PBX) is transmitted securely in an encrypted connection (HTTPS).
An SSL Certificate is a digital certificate that confirm confirms the identity of a website. It is usually represented as a pair of small text files with encrypted data (Certificate *.crt and Private Key *.key).
To implement implement SSL on your PBX in the absence of access to Wildix certificate-updater service, you will need to:
- submit a CSR (Certificate Signing Request) to a an SSL Certificate Provider , aka. (Certification Authority) and get an SSL Certificate
...
- create /wiki/spaces/DOC/pages/30283909 by you own. These certificates are easy to make and do not cost moneythey are free. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.
Then you need to import certificate and private key to PBX.
Step-by-step guide
...
Step 1.
You can rather request a certificate from a Certification Authority or generate a self-signed certificate.
Get a certificate from a Certification Authority
Anchor | ||||
---|---|---|---|---|
|
- Select one of Certificate Providers that will suits you suit your requirements. For instance, SSL.com, Namecheap, TheSSLStore, GoDaddy, GlobalSign, DigiCert, Thawte, GeoTrust, Entrust, Network Solutions, etc...
Create a CSR (Certificate Signing Request) either using a Linux shell (PBX shell preferred) or Certificate Provider tools
.:
Code Block language bash title Linux shell command to create CSR openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
CSR configuration
requirerequires the details as follows below:
- Common Name (the domain name of PBX). It is highly recommended to use sub-domain wildcard
- ( *.<yourdomain>.<com> )
- Country (two-letter code)
- State (or province)
- Locality (or city)
- Organization
- Organizational Unit (Department)
E-mail address
Keep resulting key and csr files.
ItIts content should include encrypted data and headers :
-----BEGIN CERTIFICATE REQUEST-----
...some data...
-----END CERTIFICATE REQUEST-----
and
-----BEGIN PRIVATE KEY-----
....some data...
-----END PRIVATE KEY-----
- Order a certificate from one of Certificate Providers and provide them the CSR file.
Validate domain ownership with CA using one of three validation types: Domain Validated (DV), Organization Validated (OV), Extended Validation (EV)
.Warning Please note that some sub-types require internet connection.
Generate self-signed certificate
Anchor | ||||
---|---|---|---|---|
|
Generate certificate on LINUX system using the command:
Code Block |
---|
openssl genrsa -des3 -out server.key 2048 openssl rsa -in server.key -out server.key openssl req -sha256 -new -key server.key -out server.csr -subj “/C=IT/ST=TN/L=My City/O=My Company/CN=examplecompany.com” openssl x509 -req -sha256 -days 3650 -in server.csr -signkey server.key -out server.crt |
Note |
---|
Use your country instead of IT (Italy) and your region instead of TN (Trento) in the string “/C=IT/ST=TN/L=My City/O=My Company/CN=examplecompany.com” |
Output:
server.crt server.csr server.key
Step 2. Configure internal DNS
Configure internal DNS. PBX domain name should correspond IP of PBX.
Step 3. Import
...
the certificate
To import the certificate:
- Login PBX web interface with administrative account
- Open Settings >> PBX >> Go to WMS Settings -> PBX -> SIP-RTP
- Upload certificate files: Certificate *.crt and Private Key *.key
- Click Save
Info |
---|
Additional info: Buy-ssl-certificate , |
Related articles
Filter by label (Content by label) | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
hidden | true |
---|
...
Macrosuite divider macro | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Button macro | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|