In sipXecs 4.0 or higher certificates can be installed via sipXconfig. (in System -> Web Certificates) This page allows the administrator to generate a Certificate Signing Request (CSR) and import a certificate. The certificate can be imported from text or from a certificate file. The certificate file must be in a 'PEM' format (a base64 text encoding). If the certificate file is done in a "DER" format (a binary encoding) this can be converted to the proper format from the linux command line by:
openssl x509 -in <der-format-file> -inform DER -out <pem-format-name> -outform PEM
Next we need a valid SSL certificate. The following script generates a self-signed certificate. This is the easiest way and for most applications secure enough. If you want a certificate provided by a Certificate Authority you can go to many well known Certificate Authorities such as Geotrust.
{{Box Code|Generate valid SSL certificate|
mkdir $HOME/sslkeys
cd $HOME/sslkeys
/usr/bin/ssl-cert/gen-ssl-keys.sh
gen-ssl-keys.sh
will prompt for you for input including:
- CA Common Name (DNS name for CA): Enter anything but NOT the DNS name of your server''
- SIP domain name: The domain name of your installation''
- Full DNS name for the server: Enter fully qualified hostname of your sipX server''
/usr/bin/ssl-cert/install-cert.sh
}}