Preparing TLS Certificates
Please take the steps listed below to get trusted certificates.
Purchase a Domain (for example,
portsip.cc) from the domain provider (for example, Godaddy.) for your PBX and SBC.Add an A record in the Domain DNS zone, and resolve the Domain to your PBX IP, for example: point the
uc.portsip.ccto PBX server IP.If your SBC is deployed separately from the PBX server, add an A record DNS record and resolve to the SBC server IP, for example, point
sbc.portsip.ccpoint to the SBC server IP.Generate the CSR file and private key file according to the certificate provider’s guide, and keep the files. Please don't set the password when generating the private key file; usually, you will have two files: the
certificateand theprivate key. Note: Please choose the certificate type for Nginx.Rename the private key file as
portsip.key.Submit the CRS file to the certificate provider, and download the certificate files after your certificates are approved. This step will end up with two files:
Intermediate CA certificateandTLS certificate. Assume the file names are:The
TLS certificatefile:cert.pemThe
Intermediate CA certificatefile:intermediate.pem
Note that some providers don't have the
Intermediate CA certificate.Please ignore this step if your provider doesn't provide the
Intermediate CA certificate. Use a plain text editor for example Windows Notepad (do not use MS Word) to open theIntermediate CAfile andTLS certificatefile, copy theIntermediate CAcontents to append to theTLS certificate file, and rename the TLS certificate file asportsip.pem. In the Linux environment, you can use the below commands to combine the certificate files.
Rename the certificate file:
Now you will have two certificate files:
Certificate File: portsip.pem,
Private Key file: portsip.key
Now please follow the article Update Certificates to update the certificates.
Last updated