How to use 3CX with SSL & FDN certificates from GoDaddy
pixel500w-500x1
Zero Admin
With the new Dashboard
pixel500w-500x1
Bulletproof Security
With SSL certs and NGINX
pixel500w-500x1
Install on $150 Appliance
Intel MiniPC architecture
pixel500w-500x1
New, Intuitive Windows Client
More themes, more UC
pixel500w-500x1
More CRM Integrations
Scripting Interface to add your own
pixel500w-500x1
Improved Integrated Web Conferencing
iOS and Android apps included
pixel500w-500x1
Personal Click2Meet URLs

Obtaining your Own SSL & FQDN Certificate with GoDaddy

Obtaining your Own SSL & FQDN Certificate with GoDaddy

Introduction

A very common SSL certificate issuer, however, you should check whether the IP Phone you are planning on using has an inbuilt root CA by default. If it does not, the result in terms of provisioning, will be exactly the same as if you were to use a self-signed certificate. For all other phone vendors it will be significant improvement. Duration of set up should take about 10 minutes.

On this topic

Obtaining your Own SSL & FQDN Certificate with GoDaddy

Introduction

Getting Started with GoDaddy

Certificate and Key File

Combined PFX File

Fault Detection

Getting Started with GoDaddy

  1. Head over to https://www.godaddy.com/web-security/ssl-certificate and order a “Protect one website” with “Standard SSL” option. You can order this SSL certificate for more than one year to save on renewal hassle.

  1. Go to Checkout in order to purchase the SSL package and proceed to configure the product:

  1. Select from your products “SSL Certificates” and click “Set Up.”

  1. Map the configuration of the order you just made.

  1. Click on the “Manage” button.

  1. Now is the most tricky part. GoDaddy needs a CSR which you need to generate and which will cover your external domain name. To simplify this process you can download the CSR generator and simply answer 3 questions; a custom private KEY and the CSR will be issued. Get the tool from here: CSR Generator.
  2. Copy the content from the “Certificate.csr” file into the GoDaddy text box and make sure that the “Domain Name” correctly reflects your external 3CX domain.

  1. Take a close look at the validation options of GoDaddy if you are the owner of the domain. In the case below, an email was received in the inbox of administrator@domain.ltd with a URL to finalize the verification. There many other methods to do this. Go to the GoDaddy web page about verification processes for more information.

  1. Finally approve the registration of the domain certificate.

  1. Another e-mail will be sent to the account holder of GoDaddy (does not necessarily need to be the same as the verification e-mail).

  1. From the download section for the server, choose “other” and download the ZIP file which contains the files.

 

  1. The random name (not including bundle in the name) is your web server certificate.

  1. Place this in the folder with your CSR and KEY file from before and keep it safe.

  1. During the 3CX installation, direct the PBX to the file path of the .crt file and after to the .key file.

Certificate and Key File

In case the installer detects the path to a filename ending in .cert or .pem, it expects the matching file path to the key in the next step. There is no strict definition on how the key file ending should be and it can range from .key to just a simple .txt. Validation should be done from before.

Certificate files commonly start with the file content of:

-----BEGIN CERTIFICATE-----

whereby key file content starts with the line of:

-----BEGIN PRIVATE KEY-----

Fault Detection

If after the installation the web management console does not load, check if any SSL errors can be seen in the nginx logs. In C:\Program Files\3CX Phone System\Bin\nginx\logs\error.log an emergency error will be generated if any mistake was made in the SSL import.

[emerg] 2568#896: PEM_read_bio_X509_AUX("C:\Program Files\3CX Phone System\Bin\nginx/conf/instance1/ol.eg.com-crt.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

You might also be interested in:


Ask a Question

Please only post questions in regards to the document you are currently reading.
Technical support or pre sales questions must be posted via the support or sales channels and such comments will be deleted. Thank you for understanding
<