HOWTO PBXware SSL Certificate Installation Guide


INSTALL SSL CERTIFICATE TO PBXware

  • Navigate to the SSL Certification step in the Setup wizard
  • Choose installation method:
    • select “System provided” in order to create or download a CSR file to be used for obtaining an SSL certificate (see GENERATE PRIVATE KEY AND CSR)
    • select “Upload my own private key” to use a private key generated elsewhere
  • Import private key (if not created through setup wizard) and certificate files.
  • Import intermediate certificate file (optional) if provided by the CA. If uploaded, it will be appended to the certificate file and used as one certificate.
  • All files must be <= 50kB; an alert should appear if a file is oversized. The private key and certificates must match.
  • Begin certificate installation.


GENERATE PRIVATE KEY AND CSR

Generate private key and CSR

  • Navigate to “Generate private key and CSR” page by choosing the “System provided” method on the first page and following the “Create private key and CSR” link.
  • Provide information about the party for which the certificate will be issued
    • all fields are required
    • “Generate CSR” button should remain disabled until all fields are populated
    • the country will be pre-populated based on the user’s timezone if set in /etc/localtime
  • Submit your information by clicking the “Generate CSR” button - keep in mind that if a CSR file already exists, it will be overwritten, as well as the stored private key.
  • Check if private key and CSR files are created in /opt/httpd/etc/ssl_temp/ (ssl_cert.csr, ssl_cert.key).
  • Copy CSR output or download a CSR file.
  • Use the created CSR to generate and sign an SSL certificate.
  • Go back to the first page to install your certificate.

Use Let's Encrypt Certificate

Let’s Encrypt is a free, automated, and open Certificate Authority used for setting up an HTTPS server and having it automatically obtain a browser-trusted certificate, without any human intervention (https://letsencrypt.org/).

This means the customer needs to install the certificate only once, and it will be renewed automatically when it is about to expire. PBXware and the Let’s Encrypt service renew the certificate every 90 days automatically, without any need for user interaction.

To start using Let's Encrypt, open the SSL Certification tab in the PBXware Setup Wizard, choose "USE LET'S ENCRYPT" under Method, and populate the required fields.

  • Email Account: Enter a valid email address.
  • Domain Name: Enter the domain name (you have to be the owner of this domain).

Press the "Install certificate" button to apply.

NOTE:

  • The SSL certificate is checked every 30 days by PBXware.
  • If the certificate is about to expire in a month or has already expired, a warning message will appear at the bottom of the “Currently installed certificate information”


SERVICES AFFECTED (WITH CORRESPONDING FILES)

  • NGINX
    • /opt/pbxware/pw/etc/ssl/nginx - nginx.key, nginx.crt, nginx.csr
    • After first successful install, backup files nginx.key.bak, nginx.crt.bak and nginx.csr.bak will be created at the same path.
    • Check if the service restarted successfully.
  • PWPROXY
    • /opt/pbxware/pw/etc/pwproxy - pwproxy.key (private key and certificate concatenated in one file)
    • After the first successful install, backup file pwproxy.key.bak will be created at the same path.
    • Check if the service restarted successfully.
  • JABBER C2S
    • /opt/pbxware/pw/etc/jabber - server.pem (private key and certificate concatenated in one file)
    • After the first successful install, the backup file server.pem.bak will be created at the same path.
    • Check if the service restarted successfully.
  • ASTERISK
    • /opt/pbxware/pw/etc/asterisk - asterisk.pem (private key and certificate concatenated in one file)
    • After the first successful install, backup file asterisk.pem.bak will be created at the same path.
    • There is no need for service restart.
  • HTTPD (SETUP WIZARD ITSELF)
    • /opt/httpd/etc/ - server.key (private key and certificate concatenated in one file)
    • After the first successful install, the backup file server.key.bak will be created at the same path.
    • Check if the service restarted successfully (a restart will be performed in the background, so that the client isn’t aware of the process).

NOTE:

  • If an error occurs in any of the installation steps, all changed files will be restored from their backups (if any) and the corresponding services will restart again.
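
A post-install check for the file layout listed under SERVICES AFFECTED, as an added example (not Bicom Systems' code): it confirms that every service file carries the same leaf certificate and that the concatenated files contain a private key block. The full paths are the page's directories joined with its file names; `inspect` and `check_install` are hypothetical names.

```python
import base64
import hashlib
import re
from collections import Counter
from pathlib import Path

# Files listed under SERVICES AFFECTED; True = key and certificate share one file.
SERVICE_FILES = {
    "/opt/pbxware/pw/etc/ssl/nginx/nginx.crt": False,
    "/opt/pbxware/pw/etc/pwproxy/pwproxy.key": True,
    "/opt/pbxware/pw/etc/jabber/server.pem": True,
    "/opt/pbxware/pw/etc/asterisk/asterisk.pem": True,
    "/opt/httpd/etc/server.key": True,
}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def inspect(text, expect_key):
    """Return (SHA-256 of the leaf certificate's DER or None, problems)."""
    blocks = [(label, base64.b64decode("".join(body.split())))
              for label, body in PEM_BLOCK.findall(text)]
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    problems = [] if certs else ["no certificate block"]
    if expect_key and not any(l.endswith("PRIVATE KEY") for l, _ in blocks):
        problems.append("no private key block")
    # The leaf comes first; an uploaded intermediate is appended after it.
    return (hashlib.sha256(certs[0]).hexdigest() if certs else None), problems

def check_install(files=SERVICE_FILES, root="/"):
    """Return {path: [problems]} for files that are missing, incomplete or stale."""
    leaves, report = {}, {}
    for path, expect_key in files.items():
        try:
            text = (Path(root) / path.lstrip("/")).read_text(errors="replace")
        except OSError as exc:
            report[path] = [f"unreadable: {exc.strerror}"]
            continue
        leaves[path], problems = inspect(text, expect_key)
        if problems:
            report[path] = problems
    # A leaf that differs from the majority points to a partial install or rollback.
    majority = Counter(fp for fp in leaves.values() if fp).most_common(1)
    for path, fp in leaves.items():
        if fp and fp != majority[0][0]:
            report.setdefault(path, []).append("certificate differs from other services")
    return report

if __name__ == "__main__":
    for path, problems in check_install().items():
        print(f"{path}: {'; '.join(problems)}")
```

Run it as a user that can read the key files; any output after an install or renewal means the services are not all holding the same certificate.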