How to install certificate from a SSL Certificate Provider to PBX (under constraction)

In case you've decided to use specific SSL certificate or PBX has no access to Wildix certificate-updater service.

What is SSL and SSL Certificate?

Secured Socket Layer (SSL) is the technology that make sure data between two machines (in our case – a browser/phone and PBX) is transmitted securely in an encrypted connection (HTTPS).

An SSL Certificate is a digital certificate that confirm the identity of a website. It is usually represented as a pair of small text files with encrypted data (Certificate *.crt and Private Key *.key)

To implement  SSL on your PBX in the absence of access to Wildix certificate-updater service, you will need to:

• submit a CSR (Certificate Signing Request)  to a SSL Certificate Provider, aka. Certification Authority and get an SSL Certificate

or

• create /wiki/spaces/DOC/pages/30283909 by you own. These certificates are easy to make and do not cost money. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.

Then you need to import certificate and private key to PBX.

Step-by-step guide

1. Get certificate from CA (or create self-signed certificate and proceed with step 2)

   1. Select one of Certificate Providers that will suits you requirements. For instance SSL.com, Namecheap, TheSSLStore, GoDaddy, GlobalSign, DigiCert, Thawte, GeoTrust, Entrust, Network Solutions, etc...

   2. Create a CSR (Certificate Signing Request) either using a Linux shell (PBX shell preferred) or Certificate Provider tools.
      

      Linux shell command to create CSR

      openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

      CSR configuration require the details as follows below:

      • Common Name (the domain name of PBX). It is highly recommended to use sub-domain wildcard for it ( *.<yourdomain>.<com> )
        
      • Country (two-letter code)
      • State (or province)
      • Locality (or city)
      • Organization
      • Organizational Unit (Department)

      • E-mail address

   3. Keep resulting key and csr files. It content should include encrypted data and headers :

      -----BEGIN CERTIFICATE REQUEST-----

      ...some data...

      -----END CERTIFICATE REQUEST-----

      and

      -----BEGIN PRIVATE KEY-----

      ....some data...

      -----END PRIVATE KEY-----

   4. Order a certificate from one of Certificate Providers and provide them CSR file.
   5. Validate domain ownership with CA using one of three validation types: Domain Validated (DV), Organization Validated (OV), Extended Validation (EV). Please note that some sub-types require internet connection.

2. Configure internal DNS. PBX domain name should correspond IP of PBX.

3. Import certificate (click pic below)

   1. Login PBX web interface with administrative account
   2. Open Settings >> PBX >> SIP-RTP
   3. Upload certificate files
   4. Save

Related articles

• Page:
  How to configure and use Push-to-talk for x-hoppers
• Page:
  How to configure and use CLASSOUND
• Page:
  How to control calls using Flash button on FXS Media Gateways
• Page:
  Domain Whitelist (Allow Origin) Configuration - Admin Instruction
• Page:
  How to upgrade MonoLED-BT and DuoLED-BT firmware