Apache SSL Certificate Setup

Setting Up SSL Certificates in Apache


SSL Certificate Options

  1. The easiest way to get signed certs on your PBX is to create Let's Encrypt certs via the "Certificate Management" module. The down side is they have to be refreshed every 2 months. 
  2. If you don't want to use Let's Encrypt certs you can also use the "Certificate Management" module to install signed certs purchased through a trusted certificate authority.
  3. You can also just use the pre-installed self signed certs.  Many browsers and devices will not trust self-signed certs and may have issues using them.  Whenever possible signed certs are preferred.

  Once you have the certs installed on the PBX via "Certificate Management" you'll need to link them to Apache.
  If your system is registered with Sangoma then you can link the certs via HTTPS Setup in System Admin --> Linking Certificates in Apache via Registered System Admin 
  Otherwise you'll need to manually copy and link the certs --> Linking Certificates in Apache Without Registered System Admin 

Linking Certificates in Apache Without Registered System Admin

  1. If your system isn't registered with Sangoma, and you don't want to register it, you'll need to manually copy the certs installed via Certificate Management to the Apache Directory.
  2. SSH into your PBX using an ssh client like PuTTy and make sure you have root/sudo access.
  3. Find your certs. In the case of Lets Encrypt certs they will be named FQDN.pem/crt/key etc.
    1.  ll -tr /etc/asterisk/keys/
      03_Bash-Cert-List_Marked
  4. Create the pki directory in /etc/httpd/
    mkdir /etc/httpd/pki 
  5. Copy your certs from /etc/asterisk/keys/ to /etc/httpd/pki/ as below changing the <CertName> part of the filename to match your cert names.
    Example:
    cp /etc/asterisk/keys/<CertName>-ca-bundle.crt /etc/httpd/pki/ca-bundle.crt
    cp /etc/asterisk/keys/<CertName>.crt /etc/httpd/pki/webserver.crt
    cp /etc/asterisk/keys/<CertName>.key /etc/httpd/pki/webserver.key
    cp /etc/asterisk/keys/<CertName>.pem /etc/httpd/pki/webserver.pem
  6. Once that's done restart apache via systemctl
    systemctl restart httpd.service 
  7. You shouldn't see any messages once the restart finishes.  If you do there was an error and you'll need to fix before Apache will run.

Linking Certificates in Apache via Registered System Admin

     Once you have the certs installed on the PBX via "Certificate Management" you'll need to link them to apache. 
     If your system is registered with Sangoma then you can use the HTTPS Setup in System Admin
  1. Go to Admin --> System Admin 
    00_Admin-SysAdmin_Marked

  2. Select HTTPS Setup from the right hand menu
    02_Sysadmin-HTTPS_Marked

  3. Select the Settings Tab
    03_Sysadmin-HTTPS-Settings_Marked

  4. Select your Cert from the drop down and Click Install
    01_Cert-Install_Marked

 



    		 RSS of this page