


<span class="page-title-pdf">How to install certificate from an SSL Certificate Provider to PBX</span>







Use this guide if you have decided to use a specific SSL certificate or if the PBX has no access to the Wildix certificate-updater service.

Created: February 2020

Updated: August 2020

Permalink: https://confluence.wildix.com/x/O4O5Aw


Important: in WMS 5.0X, custom certificates are accepted only with a signature algorithm not lower than SHA256.


Intro: What is SSL and an SSL Certificate

Secure Sockets Layer (SSL) is the technology that ensures that data between two machines (in our case, a browser/phone and the PBX) is transmitted securely over an encrypted connection (HTTPS).

An SSL Certificate is a digital certificate that confirms the identity of a website. It is usually represented as a pair of small text files with encrypted data (Certificate *.crt and Private Key *.key).

To implement SSL on your PBX in the absence of access to the Wildix certificate-updater service, you need to get a certificate from a Certification Authority

or

generate a self-signed certificate.

Then you need to import the certificate and private key to the PBX.

Step-by-step guide

Step 1. 

You can either request a certificate from a Certification Authority or generate a self-signed certificate.

Get a certificate from a Certification Authority 

  1. Select a Certificate Provider that suits your requirements. For instance, SSL.com, Namecheap, TheSSLStore, GoDaddy, GlobalSign, DigiCert, Thawte, GeoTrust, Entrust, Network Solutions, etc.
  2. Create a CSR (Certificate Signing Request) either using a Linux shell (PBX shell preferred) or Certificate Provider tools:

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

    CSR configuration requires the details as follows below:

  3. Keep the resulting key and CSR files. Their content should include encrypted data and headers:

    -----BEGIN CERTIFICATE REQUEST-----

    ...some data...

    -----END CERTIFICATE REQUEST-----

    and

    -----BEGIN PRIVATE KEY-----

    ....some data...

    -----END PRIVATE KEY-----

  4. Order a certificate from one of the Certificate Providers and provide them with the CSR file
  5. Validate domain ownership with the CA using one of three validation types: Domain Validated (DV), Organization Validated (OV), Extended Validation (EV)

    Please note that some sub-types require an internet connection.


Generate self-signed certificate 

Generate the certificate on a Linux system using the commands:

    # Generate a passphrase-protected 2048-bit RSA key, then strip the passphrase
    openssl genrsa -des3 -out server.key 2048
    openssl rsa -in server.key -out server.key
    # Create the CSR, then self-sign it with SHA-256 for 3650 days
    openssl req -sha256 -new -key server.key -out server.csr -subj "/C=IT/ST=TN/L=My City/O=My Company/CN=examplecompany.com"
    openssl x509 -req -sha256 -days 3650 -in server.csr -signkey server.key -out server.crt


Use your country instead of IT (Italy) and your region instead of TN (Trento) in the string "/C=IT/ST=TN/L=My City/O=My Company/CN=examplecompany.com"


Output:

server.crt server.csr server.key

Step 2. Configure internal DNS

Configure internal DNS. The PBX domain name should correspond to the IP address of the PBX.

Step 3. Import the certificate

To import the certificate:

  1. Log in to the PBX web interface with an administrative account
  2. Go to WMS Settings -> PBX -> SIP-RTP
  3. Upload certificate files: Certificate *.crt and Private Key *.key
  4. Click Save
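
Before uploading the files, it is worth confirming that the certificate meets the SHA256 minimum noted at the top of this page and that the private key actually belongs to the certificate. The script below is an added example, not part of the Wildix documentation; the function names are hypothetical, and the list of accepted algorithm names (common RSA and ECDSA variants) is an assumption about what "not lower than SHA256" covers.

```bash
#!/bin/sh
# Added example: pre-upload checks for the certificate/key pair from Step 1.
# Usage (file names as in the guide): sh precheck.sh server.crt server.key

# Print the certificate's signature algorithm, e.g. "sha256WithRSAEncryption".
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': *' '/Signature Algorithm/ {print $2; exit}'
}

# Succeed only for algorithm names whose hash is SHA-256 or stronger.
# Assumption: these RSA/ECDSA names are the ones of interest; anything else fails.
alg_ok() {
    case "$1" in
        sha256With*|sha384With*|sha512With*) return 0 ;;
        ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the private key ($2) has the same public key as the cert ($1).
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run both checks and report the first failure.
preupload_check() {
    local crt="$1" key="$2" alg
    alg=$(cert_sig_alg "$crt")
    if ! alg_ok "$alg"; then
        echo "FAIL: $crt is signed with '$alg', lower than SHA256"
        return 1
    fi
    if ! key_matches_cert "$crt" "$key"; then
        echo "FAIL: $key is not the private key for $crt"
        return 1
    fi
    echo "OK: $crt ($alg) matches $key"
}

if [ "$#" -eq 2 ]; then
    preupload_check "$1" "$2"
fi
```

A passphrase-protected key fails the match check here because `openssl pkey` cannot read it non-interactively; the guide's second command removes the passphrase.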

           
