In case you've decided to use specific SSL certificate or PBX has no access to Wildix certificate-updater service.
What is SSL and SSL Certificate?
Secured Socket Layer (SSL) is the technology that make sure data between two machines (in our case – a browser/phone and PBX) is transmitted securely in an encrypted connection (HTTPS).
An SSL Certificate is a digital certificate that confirm the identity of a website. It is usually represented as a pair of small text files with encrypted data (Certificate *.crt and Private Key *.key)
To implement SSL on your PBX in the absence of access to Wildix certificate-updater service, you will need to:
- submit a CSR (Certificate Signing Request) to a SSL Certificate Provider, aka. Certification Authority and get an SSL Certificate
or
- create /wiki/spaces/DOC/pages/30283909 by you own. These certificates are easy to make and do not cost money. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.
Then you need to import certificate and private key to PBX.
Step-by-step guide
Get certificate from CA (or create self-signed certificate and proceed with step 2)
- Select one of Certificate Providers that will suits you requirements. For instance SSL.com, Namecheap, TheSSLStore, GoDaddy, GlobalSign, DigiCert, Thawte, GeoTrust, Entrust, Network Solutions, etc...
Create a CSR (Certificate Signing Request) either using a Linux shell (PBX shell preferred) or Certificate Provider tools.
Linux shell command to create CSRopenssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
CSR configuration require the details as follows below:
- Common Name (the domain name of PBX). It is highly recommended to use sub-domain wildcard for it ( *.<yourdomain>.<com> )
- Country (two-letter code)
- State (or province)
- Locality (or city)
- Organization
- Organizational Unit (Department)
E-mail address
- Common Name (the domain name of PBX). It is highly recommended to use sub-domain wildcard for it ( *.<yourdomain>.<com> )
Keep resulting key and csr files. It content should include encrypted data and headers :
-----BEGIN CERTIFICATE REQUEST-----
...some data...
-----END CERTIFICATE REQUEST-----
and
-----BEGIN PRIVATE KEY-----
....some data...
-----END PRIVATE KEY-----
- Order a certificate from one of Certificate Providers and provide them CSR file.
- Validate domain ownership with CA using one of three validation types: Domain Validated (DV), Organization Validated (OV), Extended Validation (EV). Please note that some sub-types require internet connection.
Configure internal DNS. PBX domain name should correspond IP of PBX.
Import certificate (click pic below)
- Login PBX web interface with administrative account
- Open Settings >> PBX >> SIP-RTP
- Upload certificate files
- Save
Related articles