HOWTO SSL Certificate Installation Guide

From Bicom Systems Wiki


INSTALL SSL CERTIFICATE TO PBXware

SSL Installation
  • Navigate to the SSL Certification step in the Setup wizard.
  • Choose the installation method:
    • select “System provided” to create or download a CSR file to be used for obtaining an SSL certificate (see GENERATE PRIVATE KEY AND CSR)
    • select “Upload my own private key” to use a private key generated elsewhere
  • Import the private key (if not created through the setup wizard) and the certificate files.
  • Import the intermediate certificate file (optional) if provided by the CA. If uploaded, it will be appended to the certificate file and used as one certificate.
  • All files must be <= 50kB; an alert should appear if a file is oversized. The private key and certificates must match.
  • Begin certificate installation.
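
The size limit and the key/certificate match requirement above can be checked before uploading, along with the one-month expiry window that triggers the wizard's warning. The script below is an added example, not part of PBXware or the original wiki page; it assumes the `openssl` command-line tool and PEM-encoded files, and the function names and the 50000-byte reading of “50kB” are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for the key and certificate files.
# Assumptions: "50kB" is read as 50000 bytes (passes under either reading
# of kB) and "a month" is taken as 30 days.
MAX_BYTES=50000
EXPIRY_WINDOW=$((30 * 24 * 3600))

size_ok() {
    [ -f "$1" ] && [ "$(wc -c < "$1")" -le "$MAX_BYTES" ]
}

fail() {
    echo "FAIL: $*" >&2
}

# Usage: preflight KEY CERT [INTERMEDIATE]
# Returns 0 when the files are consistent, 1 otherwise.
preflight() {
    local key=$1 cert=$2 inter=${3:-} f key_pub cert_pub
    for f in "$key" "$cert" ${inter:+"$inter"}; do
        size_ok "$f" || { fail "$f is missing or larger than $MAX_BYTES bytes"; return 1; }
    done
    # The key and certificate match when both yield the same public key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { fail "cannot read private key $key"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { fail "cannot read certificate $cert"; return 1; }
    [ "$key_pub" = "$cert_pub" ] \
        || { fail "private key and certificate do not match"; return 1; }
    if [ -n "$inter" ]; then
        openssl x509 -in "$inter" -noout 2>/dev/null \
            || { fail "$inter is not a PEM certificate"; return 1; }
    fi
    # -checkend exits non-zero if the certificate expires within the window.
    openssl x509 -in "$cert" -noout -checkend "$EXPIRY_WINDOW" >/dev/null \
        || echo "WARN: certificate expires within 30 days" >&2
    echo "OK: key and certificate are consistent"
}
```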



GENERATE PRIVATE KEY AND CSR

Generate private key and CSR
  • Navigate to the “Generate private key and CSR” page by choosing the “System provided” method on the first page and following the “Create private key and CSR” link.
  • Provide information about the party for which the certificate will be issued:
    • all fields are required
    • the “Generate CSR” button should remain disabled until all fields are populated
    • the country will be pre-populated based on the user’s timezone, if set in /etc/localtime
  • Submit your information by clicking the “Generate CSR” button. Keep in mind that if a CSR file already exists, it will be overwritten, as will the stored private key.
  • Check that the private key and CSR files have been created in /opt/httpd/etc/ssl_temp/ (ssl_cert.csr, ssl_cert.key).
  • Copy the CSR output or download the CSR file.
  • Use the created CSR to generate and sign the SSL certificate.
  • Go back to the first page to install your certificate.


NOTES:

  • If the certificate is about to expire in a month or less, or has already expired, a warning message will appear at the bottom of the “Currently installed certificate information” section.


SERVICES AFFECTED (WITH CORRESPONDING FILES)

  • NGINX
    • /opt/pbxware/pw/etc/ssl/nginx - nginx.key, nginx.crt, nginx.csr
    • After first successful install, backup files nginx.key.bak, nginx.crt.bak and nginx.csr.bak will be created at the same path.
    • Check if service restarted successfully.
  • PWPROXY
    • /opt/pbxware/pw/etc/pwproxy - pwproxy.key (private key and certificate concatenated in one file)
    • After first successful install, backup file pwproxy.key.bak will be created at the same path.
    • Check if service restarted successfully.
  • JABBER C2S
    • /opt/pbxware/pw/etc/jabber - server.pem (private key and certificate concatenated in one file)
    • After first successful install, backup file server.pem.bak will be created at the same path.
    • Check if service restarted successfully.
  • ASTERISK
    • /opt/pbxware/pw/etc/asterisk - asterisk.pem (private key and certificate concatenated in one file)
    • After first successful install, backup file asterisk.pem.bak will be created at the same path.
    • There is no need for service restart.
  • HTTPD (SETUP WIZARD ITSELF)
    • /opt/httpd/etc/ - server.key (private key and certificate concatenated in one file)
    • After first successful install, backup file server.key.bak will be created at the same path.
    • Check if service restarted successfully (the restart is performed in the background, so that the client isn’t aware of the process).

NOTES:

  • If an error occurs in any of the installation steps, all changed files will be restored from their backups (if any) and the corresponding services will restart again.