SSL Certificates
In sipXecs 4.0 or higher certificates can be installed via sipXconfig. (in System -> Web Certificates) This page allows the administrator to generate a Certificate Signing Request (CSR) and import a certificate. The certificate can be imported from text or from a certificate file. The certificate file must be in a 'PEM' format (a base64 text encoding). If the certificate file is done in a "DER" format (a binary encoding) this can be converted to the proper format from the linux command line by:
openssl x509 -in <der-format-file> -inform DER -out <pem-format-name> -outform PEM
Next we need a valid SSL certificate. The following script generates a self-signed certificate. These are also the steps to follow if you need to re-generate an expiring self-signed certificate. This is the easiest way and for most applications secure enough. If you want a certificate provided by a Certificate Authority you can go to many well known Certificate Authorities such as Geotrust.
TIP - Prior to creating a new self-signed certificate - login to sipxecs as superadmin, go to systems/certificates. Click on Certificate Autorities link on the left menu. Existing system certificates are shown in a list. Select the link for ca.Your.Domain.crf and open it. The details displayed provide accurate details required to regenerate your existing certificate. Ensuring you use the same details ensures good results when re-building the certificate.
{{Box Code|Generate valid SSL certificate|
mkdir $HOME/sslkeys
cd $HOME/sslkeys
/usr/bin/ssl-cert/gen-ssl-keys.sh
gen-ssl-keys.sh
will prompt for you for input including:
- CA Common Name (DNS name for CA): Enter anything but NOT the DNS name of your server''
- SIP domain name: The domain name of your installation''
- Full DNS name for the server: Enter fully qualified hostname of your sipX server''
/usr/bin/ssl-cert/install-cert.sh