Digium

How do I set a self-signed custom SSL certificate for the Switchvox PBX?


Part I: Instructions on how to set a self-signed custom SSL certificate for the Switchvox PBX.

NOTE: If at any time during this process you cannot access your web admin, you can reset the SSL certificate on the console of the PBX.

There are two ways to create a self-signed certificate. You can create one on this website: http://www.mobilefish.com/services/ssl_certificates/ssl_certificates.php. Generate the certificate there, then install it in the Advanced Settings of your Network Settings in Switchvox.

If that is not what you are looking for, here is a more in-depth approach:

Switchvox doesn't have a CSR-generating utility; however, you can download a tool to create the CSR on your desktop. Here's an example of one way to do this.

Win32 OpenSSL v0.9.8e Light should be fine.

After it is installed, not much will happen, and there won't be a shortcut to the executable.

  1. Open your Windows Start Menu
  2. Click Run
  3. Type CMD and click OK. This will bring you to a command prompt.
  4. Navigate to the directory where openssl was installed (default: C:\OpenSSL\).
  5. Go into the bin directory so that you're in C:\OpenSSL\bin\ and you should see openssl.exe in there. You don't have to run openssl.exe directly. From this point you can follow the process found here: https://web.archive.org/web/20170324210904/https://www.instantssl.com/ssl-certificate-support/csr-generation/ssl-certificate-mod-ssl.html

Your first command should look something like: C:\OpenSSL\bin>openssl req -new -nodes -keyout myserver.key -out server.csr
When you are finished with the steps, your CSR should now have been created.

  1. Open the server.csr in a text editor and copy and paste the contents into the Custom SSL Certificate sections in Network Settings:
     • In the X.509 Certificate in PEM Format field, you will be using the Self-Signed SSL Certificate (cert)
     • In the Private Key (privatekey) field, you will be using the Private Key (privatekey)
     • In the Intermediate CA Certificate in PEM Format field, you will be using the Self-Signed SSL Certificate (cert)
  2. Once this is set, log into the web portal of your Switchvox. This will prompt you with the certificate error.
  3. Accept the certificate. This should allow you to log in to the web admin without any certificate errors.
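
Added example, not part of the original article: the openssl req -new command above writes a CSR, while the certificate field needs a signed certificate, so this sketch adds -x509 to produce the key and the self-signed certificate locally in one step. It assumes OpenSSL 1.1.1 or later; pbx.example.com, the file names and the function names are placeholders.

```shell
#!/bin/sh
# Added example: key + self-signed certificate for the Switchvox custom SSL fields.
# pbx.example.com, the output file names and the 365-day default are placeholders.

# Writes <host>.key (unencrypted RSA key) and <host>.crt (self-signed X.509 cert).
make_self_signed() {   # usage: make_self_signed pbx.example.com [days]
    host=$1
    days=${2:-365}
    # -x509 makes openssl emit a self-signed certificate instead of a CSR;
    # -nodes leaves the key unencrypted, as in the article's own command.
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$host.pkcs8.key" -out "$host.crt" \
        -days "$days" -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null || return 1
    # Recent OpenSSL writes "BEGIN PRIVATE KEY" (PKCS#8). Re-encode to the
    # "BEGIN RSA PRIVATE KEY" form the article shows. -traditional exists only
    # in OpenSSL 3.x; older releases emit that form without it.
    openssl rsa -in "$host.pkcs8.key" -out "$host.key" -traditional 2>/dev/null ||
        openssl rsa -in "$host.pkcs8.key" -out "$host.key" 2>/dev/null || return 1
    rm -f "$host.pkcs8.key"
    chmod 600 "$host.key"
}

# Succeeds when subject and issuer names are identical (a self-signed cert).
is_self_signed() {     # usage: is_self_signed pbx.example.com.crt
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$iss" ]
}
```

The private key is generated on your own machine and never leaves it; only the two resulting PEM files are pasted into Switchvox.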

Part II: Instructions for installing a third-party certificate.

Quick overview: You use openssl on your own computer to create a CSR and a Key, then take the CSR to a Certificate Authority (aka CA, Godaddy in the example below). Your CA will use your CSR to create a CRT. You use the CRT along with the Key to configure Switchvox.

Details: Steps to purchase and install a Secure Certificate for Switchvox SMB:

  1. Use a utility to create a CSR (Certificate Signing Request), which will also create a Key file. The CSR file will end in .csr and the key will end in .key
     • On a machine such as a Mac with OS X, use openssl. At the command line enter:
        1. openssl genrsa -out <name of your certificate>.key 2048
        2. openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr
     • Answer the questions that openssl asks. NOTE: If you enter '.', the field will be left blank. For a wildcard SSL certificate, prefix the domain name with "*", for example "*.domain.com"
        • Country Name (2 letter code) [AU]: US
        • State or Province Name (full name) [Some-State]: Arizona
        • Locality Name (eg, city) []: Phoenix
        • Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
        • Organizational Unit Name (eg, section) []: IT
        • Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
        • Email Address []: email@mydomain.com
        • Please enter the following 'extra' attributes to be sent with your certificate request (no password necessary)
           1. A challenge password []: IamNotTellinYou
           2. An optional company name []:
     • There may be alternative ways to generate a CSR without openssl on the command line. This has NOT been tested by Chromis. On Windows: http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-mod_ssl.html.
     • These steps will create a CSR (.csr file) and a Key (.key file).
  2. Take the CSR to a CA (Certificate Authority) such as Godaddy. Purchase an SSL Certificate (CRT). Request or generate the CRT; you will need your CSR. Godaddy requires that you request the CRT and will prompt you for your CSR. Godaddy has a certificate manager page when you log in to your account on their website.
  3. Download the CRT. Along with the CRT you will receive a file called a "bundle". The files may be zipped; if so, expand the files.
  4. You will end up with two files to use with Switchvox, and the bundle will have 3-4 more cert files. (Note that your crt and key file names will be different than the examples below and they might not reflect your domain name):
     • yourdomain.crt (your CA creates this using your CSR)
     • yourdomain.key (this is created by you at the same time you created your CSR)
  5. Open these files in a plain text editor and copy the WHOLE*** contents of each file and paste into Switchvox (in Switchvox navigate to the Server drop-down menu, then select HTTPS and PROXY) as follows:
     • X.509 Certificate in PEM Format = yourdomain.crt
     • RSA Private Key in PEM Format = yourdomain.key
     • IMPORTANT - If running version 5.x you will leave the Intermediate CA Certificate in PEM Format field blank. However, if running Switchvox v.6.x or higher, you will need to paste the Intermediate Certificate in this field. Copy one of the certs from the bundle into the Intermediate field. If you get a validation error at this point (not a PEM error), try a different bundle cert until it goes through.
  6. Click Save HTTPS and PROXY


Once the save is complete you should be able to use Switchvox without accepting a private certificate. If you review the SSL settings in Switchvox under v. 5.x you may notice the Intermediate CA Certificate field has now been populated automatically. Under v.6.x you will have to enter the information in that field.
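
Added example, not part of the original article: two checks to run before pasting, one confirming that yourdomain.crt and yourdomain.key belong together and one naming the bundle file that actually signed yourdomain.crt, which takes the trial and error out of the intermediate-certificate step above. It assumes OpenSSL 1.1.0 or later and that each bundle certificate sits in its own PEM file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run before pasting PEM files into Switchvox.
# Assumes OpenSSL 1.1.0 or later and one certificate per bundle file.

# Succeeds when the certificate and the private key carry the same public key.
cert_matches_key() {   # usage: cert_matches_key yourdomain.crt yourdomain.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints each candidate file whose certificate signed yourdomain.crt.
find_intermediate() {  # usage: find_intermediate yourdomain.crt bundle-1.crt ...
    leaf=$1
    shift
    for candidate in "$@"; do
        # -partial_chain lets an intermediate act as the trust anchor;
        # -no-CApath keeps the system CA directory out of the decision.
        if openssl verify -no-CApath -partial_chain \
               -CAfile "$candidate" "$leaf" >/dev/null 2>&1; then
            printf '%s\n' "$candidate"
        fi
    done
}

# Command-line use: sh check.sh yourdomain.crt yourdomain.key bundle-1.crt ...
if [ "$#" -ge 3 ]; then
    cert=$1; key=$2; shift 2
    cert_matches_key "$cert" "$key" ||
        { echo "certificate and key do not belong together" >&2; exit 1; }
    echo "issuing certificate(s) for $cert:"
    find_intermediate "$cert" "$@"
fi
```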

So in summary, you use openssl on your own computer to create a CSR and a Key. You take the CSR to a Certificate Authority (aka CA, Godaddy in the example above). Your CA will use your CSR to create a CRT. You use the CRT along with the Key to configure Switchvox.

*** Note that your .csr, .key, and .crt files will look something like this:

X.509 Certificate & Intermediate CA Certificate should start/end with:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

RSA Private Key should start/end with:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Copy everything, including the BEGIN and END lines.
