Preparing TLS Certificates for TLS/HTTPS/WebRTC
This guide is for solving the following SSL certificate issues with PortSIP PBX and PortSIP SBC.
- After you complete the PBX and SBC setting up, if you get the self-signed certificates warning in the browser when you access PBX Web Portal by HTTPS or access the WebRTC client, please follow up on the below steps to solve it
- The SSL certificates are expired
Please take the steps listed below.
- 1.Purchase a Domain (for example,
portsip.cc) from the domain provider (for example, Godaddy.) for your PBX and SBC.
- 2.Add an A record in the Domain DNS zone, and resolve the Domain to your PBX IP, for example: point the
uc.portsip.ccto PBX server IP.
- 3.If your SBC is deployed separately from the PBX server, add an A record DNS record and resolve to the SBC server IP, for example, point
sbc.portsip.ccpoint to SBC server IP.
- 5.Generate the CSR file and private key file according to the certificate provider’s guide, and keep the files. Please don't set the password when generating the private key file; usually, you will have two files: the certificate and the private key. Note, please choose the certificates for Nginx.
- 6.Rename the private key file as
- 7.Submit the CRS file to the certificate provider, and download the certificate files after your certificates were approved. This step will end up with two files:
Intermediate CA certificateand
SSL certificate. Note, some providers don't have the
Intermediate CA certificate.
- 8.Please ignore this step if your provider doesn't provide the
Intermediate CA certificate. Use a plain text editor for example Windows Notepad (do not use MS Word) to open the
Intermediate CAfile and
SSL certificatefile, copy the
Intermediate CAcontents to append to the
SSL certificate file, and rename the SSL certificate file as
portsip.pem. In the Linux environment, you can use the below commands to combine the certificate files.
// Append intermediate file to certificate file
cat intermediate.pem >> cert.pem
// Rename certifiate file to portsip.pem
mv cert.pem portsip.pem
- 9.Now you will have two certificate files, the certificate file
portsip.pem, and private key file