Tom Waterman, posted April 7, 2010

Hello all. I am going to install a certificate on the PBX so it will communicate with Exchange 2007. My question is: do I HAVE to install it (the certificate) on all of the SIP phones? And what about devices (extensions) that don't support certificates?

Thank you for the help.

Tom

Vodia PBX, posted April 8, 2010

> Hello all. I am going to install a certificate on the PBX so it will communicate with Exchange 2007. My question is: do I HAVE to install it (the certificate) on all of the SIP phones? And what about devices (extensions) that don't support certificates?

By default it comes with a self-signed certificate. I believe it might even have expired...

In version 4, you can load a certificate either globally or for a specific domain. If you want to load a domain certificate, then the client must support the TLS extension that tells the PBX which domain the request goes to. So if you have just one domain, it is probably easier to just load a global certificate.

With the certificate you must also load the private key. The certificate may contain a certificate chain, so that you include the certificate that the PBX should use for encryption, but also the other certificates that signed the certificate. For example, if you buy a certificate from Verisign, then you can include the Root CA from Verisign (which practically everybody trusts), maybe some intermediate certificates and finally the certificate of the PBX. Everything in this ----BEGIN---- base64-encoded form.

Great Office - Hummig KG, posted August 23, 2010

> By default it comes with a self-signed certificate. I believe it might even have expired...
>
> In version 4, you can load a certificate either globally or for a specific domain. If you want to load a domain certificate, then the client must support the TLS extension that tells the PBX which domain the request goes to. So if you have just one domain, it is probably easier to just load a global certificate.
>
> With the certificate you must also load the private key. The certificate may contain a certificate chain, so that you include the certificate that the PBX should use for encryption, but also the other certificates that signed the certificate. For example, if you buy a certificate from Verisign, then you can include the Root CA from Verisign (which practically everybody trusts), maybe some intermediate certificates and finally the certificate of the PBX. Everything in this ----BEGIN---- base64-encoded form.

I've spent hours trying to get the pbx running with certificates, but without success.

I've copied the certificates (Base64) into the upper section 'Certificates' and the private key into 'Private Key'. After clicking 'Save' I see 'Starfield Secure Certification Authority' above the text field 'Certificates' along with a 'delete' icon, which might show a successful upload of the certificate.

After rebooting the pbx, https access is no longer possible at all. It is really not a problem of browser certificate errors only. The browser won't get an https connection to the pbx at all. But with http I get access to the pbx again, in order to delete the certificate.

I wonder why the xml file in the certificate folder of the pbx doesn't contain the private key. Is this normal? What about the domain section of the xml file? Does it match anything with the domain of the pbx? In this section we see 'Starfield Secure Certification Authority'.

Any idea?

Vodia PBX, posted August 24, 2010

> I wonder why the xml file in the certificate folder of the pbx doesn't contain the private key. Is this normal? What about the domain section of the xml file? Does it match anything with the domain of the pbx? In this section we see 'Starfield Secure Certification Authority'.

Can you generate a sample that you can share with us here (especially the private key part...)? As you know, the private key and the certificate must match, so we need both to check what is going on.

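One way to check the requirement above that the private key and the certificate must match, as an added example (not code from this forum or from the PBX vendor): it splits a pasted PEM bundle and reports which certificate, by position, belongs to the private key. It assumes `openssl` is on the PATH; the function names and the `example.test` names are constructed for the demo.

```shell
#!/bin/sh
# Split PEM bundle $1 into one file per certificate: $2/cert-1.pem, cert-2.pem, ...
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# Print "<position> <subject>" of the certificate in bundle $2 whose public key
# belongs to private key $1 (RSA or EC). Returns 1 if no certificate matches.
find_cert_for_key() {
    tmp=$(mktemp -d) || return 2
    split_bundle "$2" "$tmp"
    want=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    rc=1; i=1
    while [ -f "$tmp/cert-$i.pem" ]; do
        have=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -pubkey 2>/dev/null)
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "$i $(openssl x509 -in "$tmp/cert-$i.pem" -noout -subject)"
            rc=0; break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed demo data: throwaway self-signed certificates for made-up names.
# The bundle holds "ca" first and "pbx" second; "stray" is left out of it.
# demo <ca|pbx|stray> looks up that key in the bundle.
demo() {
    d=$(mktemp -d) || return 2
    for n in ca pbx stray; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.crt" 2>/dev/null
    done
    cat "$d/ca.crt" "$d/pbx.crt" > "$d/bundle.pem"
    find_cert_for_key "$d/$1.key" "$d/bundle.pem"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On real files, run `find_cert_for_key pbx.key bundle.pem`; a non-zero exit status means no certificate in the bundle was issued for that key.
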
Great Office - Hummig KG, posted August 24, 2010

Update:

Seems to be a problem with the certificate itself. Tried to install another certificate (from my IIS7). This is accepted by the pbx and works (but invalid due to the wrong domain, of course).

I will request a new certificate but don't know how to get the PBX's certificate request I need to issue a new cert. How to get it?

Vodia PBX, posted August 24, 2010

> I will request a new certificate but don't know how to get the PBX's certificate request I need to issue a new cert. How to get it?

Yea, that is a pain... There was a post here http://forum.pbxnsip.com/index.php?showtopic=3450 that explained how to use openssl. If you want to get a signature from someone you can trust, you need to generate a CSR file (certificate signing request or so) and have it signed by the authority. The PBX itself does not issue the certificate.

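A common way to produce the private key and CSR with openssl, as an added example; it is not taken from the linked post or from the PBX documentation, and the host name and output directory are placeholders. It assumes the key is later pasted into the PBX unencrypted, so the key file is created readable only by its owner.

```shell
#!/bin/sh
# make_csr <fqdn> <outdir>: write <outdir>/<fqdn>.key and <outdir>/<fqdn>.csr.
# Returns 0 only if the CSR verifies and carries the public key of the new key.
make_csr() {
    fqdn=$1; out=$2
    mkdir -p "$out" || return 1
    # Subshell so the tight umask applies only to the files created here.
    # -nodes leaves the private key unencrypted (assumption: the PBX needs it so).
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=$fqdn" \
          -keyout "$out/$fqdn.key" -out "$out/$fqdn.csr" 2>/dev/null ) || return 1
    # A CSR is signed with its own key; check that self-signature.
    openssl req -in "$out/$fqdn.csr" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1
    # The key kept for the PBX must be the one the authority will certify.
    csr_pub=$(openssl req -in "$out/$fqdn.csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$out/$fqdn.key" -pubout)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Show the subject the authority will see in the request.
csr_subject() { openssl req -in "$1" -noout -subject; }
```

Only the `.csr` file goes to the certificate authority; the `.key` file stays on the machine until it is loaded into the PBX together with the issued certificate.
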
Guest Gary Fett, posted September 10, 2010

Does a certificate need to be updated from time to time?

shopcomputer, posted September 13, 2010

> Does a certificate need to be updated from time to time?

Yes, when it expires.