How to Use Your Own SSL & FQDN Certificate

Introduction

3CX can be installed on 3CX-provided FQDN and SSL certificates at no extra charge. For companies that prefer to manage their PBX via their own Domain Server and Domain, an FQDN certificate needs to be provided during 3CX installation for the PBX.

Prerequisites

  • Your own public domain name, e.g. mycompany.com.
  • Your own public and manageable DNS, e.g. Google Cloud DNS.
  • An FQDN certificate for the 3CX PBX, e.g. 3cx.mycompany.com.

Publicly Trusted Certificates

These are automatically issued by 3CX for your installation when using the 3CX top-level domains. They are widely accepted by endpoints such as browsers and IP phones. The Certificate Authority (CA), i.e. the certificate issuing provider, ensures the validity of the FQDN ownership before the certificate is handed to the administrator of the domain and against the endpoints. In most cases, this comes with a fee for “out of the box” trust that removes possible warnings and simplifies remote provisioning. Major players in the trusted certificate market include GoDaddy, Thawte, GeoTrust, and VeriSign.

We recommend that you check your IP phones first to make sure that the root CA, i.e. the certificate that removes the warning messages, is built into each device by default. IP device vendors may change the root CAs they support at any time without warning.

Getting Started With Your Own Certificate

You must first decide which certification authority to use and verify that it is supported by your IP phones by default. Once you have verified this, follow the procedures in the documents provided by your chosen authority.

📄 Note: If using a custom FQDN and signed certificate, the CA and its intermediate certificates may need to be imported at the OS level to be trusted.

Last Updated

This document was last updated on 3 February 2021

https://www.3cx.com/docs/fqdn-ssl-certificate-v15/