Digium

HTTPS and SSL Certificates


SSL settings are found under Server > Networking > HTTPS and Proxy.

If you do not have an SSL Certificate for encrypting your organization's web traffic, Managed by Switchvox should be set to YES.

Managed by Switchvox

When Managed by Switchvox is YES, Switchvox auto-generates a certificate for internal web traffic. This CA Certificate is available on the CA Certs tab, at the top of the list. You can download a copy for use in a client that will communicate with Switchvox via HTTPS.

Custom SSL Certificate Data

3rd Party Certificate Authority

If you have your own SSL Certificate from a trusted 3rd party Certificate Authority, then set Managed by Switchvox to No so that you can enter the certificate data. This can be used for a single subdomain certificate, or a wildcard certificate for multiple subdomains (SAN certificates). All fields are required. Switchvox will use this certificate instead of generating its own certificate data. 

Important
The certificate is verified with the Mozilla CA Certificate Store, and the Intermediate CA Certificate must link to either the Mozilla CA Certificate Store, or to your own Certificate Authority (provided in that tab on Switchvox's HTTPS and Proxy page). If Switchvox cannot verify the certificate you have, then there are several options:
  1. Obtain a certificate that can be verified.
  2. Set Managed by Switchvox to Yes until you can obtain a verified certificate.
  3. If your Switchvox is fully isolated from the public Internet, you may consider turning off the Digium Phones' requirement for a secured SSL environment with a valid SSL certificate. For details, see Managing the Switchvox SSL Certificate and Digium Phones.


Internal Certificate Authorities

If your organization is its own Certificate Authority for its internal web services, you can enter that certificate on the CA Certs tab. Switchvox will use it to facilitate communications with services such as an LDAP server.

You can enter both types of Certificate data. For example, you may have a 3rd party certificate for your external web site, and a CA Cert for your internal directory services.

If you are uploading your own Certificate Authority and it includes intermediates, the certificate bundle may resemble the following:

-----BEGIN CERTIFICATE-----
MIIRandomData
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIMoreRandomData
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEvenMoreRandomData
-----END CERTIFICATE-----

In this case, you should load each intermediate separately as its own CA (one complete "Begin" preamble, payload, and "End" postamble each). You will end up with 3 entries in Switchvox.

If you attempt to load all three into Switchvox as a single Certificate Authority, you will experience SSL errors on connected devices, notably desk phones.
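
One way to split such a bundle into separate entries before pasting them in, shown as an added example that is not part of the original article or of Switchvox itself. The function names, the ca-entry-N.pem file names and the sample payloads are assumptions made for illustration; the SHA-256 value is computed over each decoded payload so the entries can be told apart.

```python
import base64
import hashlib
import re
from pathlib import Path

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def split_pem_bundle(bundle):
    """Return one dict per certificate in the bundle, in file order."""
    text = bundle.replace("\r\n", "\n")
    # Unbalanced markers mean a truncated copy/paste: refuse rather than guess.
    if text.count(BEGIN) != text.count(END):
        raise ValueError("unbalanced BEGIN/END CERTIFICATE markers")
    entries = []
    for match in BLOCK.finditer(text):
        payload = "".join(match.group(1).split())
        # validate=True rejects stray characters, including a nested marker.
        der = base64.b64decode(payload, validate=True)
        if not der:
            raise ValueError("empty certificate payload")
        # Re-wrap at 64 columns so each entry is a clean stand-alone block.
        body = "\n".join(payload[i:i + 64] for i in range(0, len(payload), 64))
        entries.append({"pem": f"{BEGIN}\n{body}\n{END}\n",
                        "sha256": hashlib.sha256(der).hexdigest()})
    if not entries:
        raise ValueError("no certificates found")
    return entries


def write_entries(entries, directory):
    """Write ca-entry-1.pem, ca-entry-2.pem, ... (hypothetical file names)."""
    paths = []
    for number, entry in enumerate(entries, start=1):
        path = Path(directory) / f"ca-entry-{number}.pem"
        path.write_text(entry["pem"])
        paths.append(path)
    return paths


def fake_pem(seed):
    # Constructed placeholder payload, not a real X.509 certificate.
    return f"{BEGIN}\n{base64.b64encode(seed * 8).decode()}\n{END}\n"


SAMPLE_BUNDLE = fake_pem(b"cert-a ") + fake_pem(b"cert-b ") + fake_pem(b"cert-c ")
```

Each file written by write_entries holds exactly one Begin/End pair, which is the unit to enter as a single CA.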

Prior Version: SERVER-NETWORKING (6.0)

Article Details
6.6.0.1

