...
Get certificate from CA (or create self-signed certificate and proceed with step 2)
- Select one of Certificate Providers that will suits you requirements. For instance SSL.com, Namecheap, TheSSLStore, GoDaddy, GlobalSign, DigiCert, Thawte, GeoTrust, Entrust, Network Solutions, etc...
Create a CSR (Certificate Signing Request) either using a Linux shell (PBX shell preferred) or Certificate Provider tools.
Code Block language bash title Linux shell command to create CSR openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
CSR configuration require the details as follows below:
- Common Name (the domain name of PBX). It is highly recommended to use sub-domain wildcard ( *.<yourdomain>.<com> )
- Country (two-letter code)
- State (or province)
- Locality (or city)
- Organization
- Organizational Unit (Department)
E-mail address
- Common Name (the domain name of PBX). It is highly recommended to use sub-domain wildcard ( *.<yourdomain>.<com> )
Keep resulting key and csr files. It content should include encrypted data and headers :
-----BEGIN CERTIFICATE REQUEST-----
...some data...
-----END CERTIFICATE REQUEST-----
and
-----BEGIN PRIVATE KEY-----
....some data...
-----END PRIVATE KEY-----
- Order a certificate from one of Certificate Providers and provide them CSR file.
- Validate domain ownership with CA using one of three validation types: Domain Validated (DV), Organization Validated (OV), Extended Validation (EV). Please note that some sub-types require internet connection.
Configure internal DNS. PBX domain name should correspond IP of PBX.
Import certificate (click pic below)
- Login PBX web interface with administrative account
- Open Settings >> PBX >> SIP-RTP
- Upload certificate files
- Save
...