How to use your own FQDN and SSL certificates in 3CX V15
pixel500w-500x1
Zero Admin
With the new Dashboard
pixel500w-500x1
Bulletproof Security
With SSL certs and NGINX
pixel500w-500x1
Install on $150 Appliance
Intel MiniPC architecture
pixel500w-500x1
New, Intuitive Windows Client
More themes, more UC
pixel500w-500x1
More CRM Integrations
Scripting Interface to add your own
pixel500w-500x1
Improved Integrated Web Conferencing
iOS and Android apps included
pixel500w-500x1
Personal Click2Meet URLs

How to Use Your Own SSL & FQDN Certificate with V15

How to Use Your Own SSL & FQDN Certificate with V15

Introduction

3CX v15 includes the option of allowing 3CX to manage FQDN & SSL certificates at no extra charge. For many companies it is preferable to manage the PBX via their own Domain Server and Domain. For these installations a certificate needs to be provided during the installation of 3CX, stating the desired FQDN for the PBX.

On this topic

How to Use Your Own SSL & FQDN Certificate with V15

Introduction

Prerequisites

Publicly trusted certificates

Getting Started With Your Own Certificate

Prerequisites

  • You must own your own public domain name (e.g. mycompany.com)
  • You must own your own public manageable DNS (e.g. Google Cloud DNS)
  • You must have an FQDN certificate (e.g. 3cx.mycompany.com)

Publicly trusted certificates

These are automatically issued by 3CX for your installation when using the 3CX top level domains. They are widely accepted by endpoints such as browsers and IP Phones. The authority (the certificate issuing company), ensures the validity of the FQDN ownership before the certificate is handed to the administrator of the domain and against the endpoints. In most cases, this comes with a fee to get “out of the box” trust that removes the warnings which are seen above and hence simplifies remote provisioning. Examples of major players in the trusted certificate market are GoDaddy, Thawte, GeoTrust, and VeriSign.

It is recommended to check with your IP phone endpoints first to make sure that the device has the root CA (the certificate that will remove the warning messages) built into the device by default. Below is a list of IP vendors with a built-in root CA certificate as taken from their admin guides on July 13th 2016. This may of course change at any time:

  • Fanvil - Blindly trust all SSL connections
  • Htek - Blindly trust all SSL connections
  • Snom - TBA
  • Yealink - CA List

Getting Started With Your Own Certificate

In the below documents  we have outlined the pros and cons of migrating to or starting a V15 installation on your own domain.

Obtaining your Own Certificate with GoDaddy

Obtaining your Own Certificate with Start SSL

You must first decide which certification authority you are going to use and find out whether or not it’s implemented into your IP phones by default. Once you have reached a decision, follow the procedures in the documents, depending on the authority you have chosen.

You might also be interested in:


Ask a Question

Please only post questions in regards to the document you are currently reading.
Technical support or pre sales questions must be posted via the support or sales channels and such comments will be deleted. Thank you for understanding
<