HOWTO Inserting SSL Certificate in PBXware

From Bicom Systems Wiki


If you are using PBXware version 4.1, you can easily create and download your PBXwares private key and CSR files from PBXware Setup Wizard, in order to send them to certificate authorities:

HOWTO SSL Certificate Installation Guide



To start generating your certificate login to your PBXware shell. At the prompt, enter:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

where server is the name of your server.

This will begin the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to apply for your SSL Certificate.

When you are prompted for the Common Name enter fully qualified domain name for the site you are securing. If you are generating an Nginx CSR for a Wildcard SSL Certificate make sure your common name starts with an asterisk (e.g. *.example.com).

After that, you will be prompted for your organizational information, beginning with geographic information.

Your .csr file will then be created.

Save (backup) the generated .key file as it will be required later when installing your SSL certificate in Nginx.

In order to install certificate on your PBXware 3.8 you'll need to obtain it from certain certification authority. Once you get signed certificate you'll need to import it to PBXware.

First, copy your certification files to

/opt/pbxware/pw/etc/ssl/nginx/

After you did that, navigate to /opt/pbxware/pw/etc/ssl/nginx/

cd /opt/pbxware/pw/etc/ssl/nginx/

Your certificate files need to be renamed accordingly to:

nginx.crt
nginx.key

but before you rename these files, it is suggested to create a backup of existing nginx.crt and nginx.key files:

mv nginx.crt nginx.crt.bak
mv nginx.key nginx.key.bak

Now, rename your certificate files:

mv your-certificate.crt nginx.crt
mv your-certificate.key nginx.key

You had to rename your files in order for paths to match nginx.conf settings:

   ##ssl portion
   server {
        listen        0.0.0.0:443;
       server_name    localhost;   
       server_name_in_redirect off;
       root /home/sitemanager/admin;
       ssl on;
       ssl_certificate        /etc/ssl/nginx/nginx.crt;
       ssl_certificate_key    /etc/ssl/nginx/nginx.key;
       ssl_ciphers  ALL:!aNULL:!ADH:!eNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!EXP;
       ssl_prefer_server_ciphers   on;

NOTE: Do not edit SSL certificate and SSL certificate key paths in nginx.conf so they match your files name and location, as on PBXware update nginx.conf file will get reverted to it's default settings and your certificate keys will not work.

Final step is to restart Nginx.

Stop nginx using command:

/opt/pbxware/sh/nginx -s stop

Start nginx with:

/opt/pbxware/sh/nginx