Slider 2TryLearn MoreSlash your Phone bills - Slider Image

Use SIP trunks, WebRTC & Apps

Slash your Phone Bill by 80%

Course Content - Intermediate 3.0

Advanced Installation Options


Welcome to the online training series from 3CX. This module will focus on the advanced installation options of 3CX where you can use your own resources to install 3CX.


What does this mean? By using your own resources you can:

Use your own FQDNs. 3CX provides 3CX domains at no additional cost, but some companies and administrators wish to use their own FQDNs.

Also a 3rd party trusted SSL certificate may be used in lieu of a 3CX provided SSL certificate.

We will see a variety of network setups, which can work with 3CX. In Module 1.0 Installing 3CX, emphasis was given on the simplicity of  3CX in regards to using one network interface. There are some cases, however, where an extra Network Interface Card is required.

We will also see the configuration required to configure the PUSH account for Android devices.


A public domain name is required, which is not provided by 3CX. An example of such a domain is

A DNS server which is controlled by yourself, and can be configured, will also be required.

A trusted SSL certificate and Private key will be required which covers the public FQDN of the PBX you will be installing. An FQDN which could be used in accordance with the above domain is

A static public IP Address will be required, for the FQDN to resolve this IP. Using a 3rd party domain name and FQDN, will require that the PBX is installed with a static public IP Address. The PBX will not be able to update DNS records, as is the case with a 3CX provided domain and FQDN, so a static IP Address will be required.


On your DNS server, you will need to create an A record on your DNS server.

If you are using an external DNS server, you will need to point this to the external IP Address of the PBX. During the installation of the PBX, you will choose the option “I have my own FQDN”.

If you are using an internal DNS server, the A record on the DNS server should point to the internal IP Address of the PBX. This is the required configuration of a split DNS setup, where, the FQDN of the PBX will resolve to either the internal or external IP Address of the PBX, depending on where the DNS request is coming from.

During the installation phase, when choosing the internal interface of the PBX, choose the option “Enter your local FQDN”.

Using a public FQDN does not necessarily mean that you have to use the internal DNS configuration as shown. This is only used in cases where internal FQDNs are used in a corporation, or for failover scenarios.


When using your own SSL certificates, ensure that the Certifying Authority, as well as the certificate you are using, is supported by the endpoint manufacturer.

With the 3CX provided certificates, we have worked with our supported vendors, to ensure that the certificates are supported by the phones we support.

This ensures easy provisioning, especially from remote locations, where the provisioning is done entirely by HTTPS.

The certificate must cover the public FQDN of the PBX. Any changes to the FQDN will require a new certificate to be issued.

Certificates come in a variety of formats. The formats 3CX supports are the following:

CRT and KEY file. An SSL certificate is comprised of 2 files. The actual certificate, the CRT file, which is always accompanied by the KEY file, and will unlock and decrypt the certificate file. Please note that the key file will need to be unencrypted.

Another type of certificate file, which is also supported by 3CX, is the certificate in PFX format. This only requires a password to be entered, in order for the certificate to be decrypted.

We have a guide available on our website, which explains the procedure on how to use your own SSL certificate.


In version 15.5, the FQDN is bound to a License Key. Upon activation in Version 15.5, the FQDN will now be bound to the license. The owner of the license, will receive an email with credentials to the 3CX Customer Portal, that is

This will result in that FQDN being locked to this license key, and no one else being able to use this FQDN. Also, this license key cannot be used with another FQDN.

By logging into the 3CX Customer Portal, you will be able to release the FQDN from the license key, should you wish to change either the license key or FQDN.


To change any information concerning the license and the FQDN, you will need to re-install the PBX, as all the necessary configuration of these is performed during the installation.

To change the FQDN bound to the license key, you can do the following:

Take a backup of the PBX, as was explained during module 2.0 - Updates and upgrades but deselect the option “Include License Key Information & FQDN”

Log in to the 3CX Customer Portal, and release your FQDN from the license key.

Don't forget to download the backup to a safe location!

Uninstall and reinstall the PBX. During the installation of the PBX choose the option to restore from an existing backup. You will be asked for the license key and FQDN information. Enter the existing license key and the NEW FQDN. This will now bind the new FQDN with the license key.


You can also change license key, while keeping the FQDN.

This is a very simple procedure, that only requires you to Replace the license key from within the License page in the Management Console.

You must have an available license key, which does not have an FQDN bound to it though.

Just go to the License page, click Replace License Key and then enter the new License key. This will deactivate the FQDn and all its dependent resources, like Webmeeting from the old license key and transfer them to the new license key.


It’s also possible to change both the license key and the FQDN while keeping the configuration of the PBX.

In order to do so, again, take a backup of the PBX without the “Include License Key Information & FQDN” option.

And yet again, don't forget to download the backup to a safe location!

Uninstall and reinstall the PBX. During the installation of the PBX choose the option to restore from an existing backup. You will be asked for the license key and FQDN information. Enter the new license key and the new FQDN. This will bind the FQDN with the license key.

As the FQDN and License key are different than the ones you were using previously, logging in to the customer portal and releasing the keys is not required for this scenario.

[SLIDE 10]

Moving on to more complex network setups now.

In general, the following rules should be followed when setting up a 3CX PBX with multiple interfaces:

Use only one IP Address per network interface. Avoid using multiple IP Addresses per interface. This can interfere with the smooth operation of the PBX.

If you have more than one interface on the PBX server, ensure that you have only one default gateway across all the interfaces.

If you need to have multiple default gateways, define static routes from within the command prompt of the operating system. Use the ROUTE ADD command in either a windows or Debian operating system.

Please have a look at the guide on our website to learn about the traffic flow and how it will be configured, with the correct routes and metrics.

[SLIDE 11]

Installations of the PBX which have only one interface, are very straight forward. Using multiple interfaces on the PBX is also possible, and also if one of these interfaces has a Public IP Address, which is not conforming to RFC 1918. Just do the following:

When installing the PBX, choose the IP Address NIC2 has, which is a Public IP Address, as the Public IP of the PBX.

When choosing an internal interface, choose NIC1 and set it as the local internal IP Address of the PBX.

After the installation has completed, change the internet facing interface, from NIC1’s IP Address to the IP Address of NIC2.

[SLIDE 12]

When using 3CX clients on the go, with iOS and Android, the 3CX client will be asleep when it is inactive. Using PUSH, the client will be woken up when there is an incoming call.

Mobile devices do not need any further configuration. Android devices, however, can be setup with Google Account settings.

To use PUSH with an Android device, you will need to have a Google Account.  3CX provides a default account, out of the box. You can also use your own Google account. If you have a Gmail account, you already have a Google Account. If not, it is very easy to create one.

You will need to configure the Google account as per the instructions provided in the guide, which is linked from the configuration page in 3CX, then add the Server and Sender ID, to authenticate the account from the PBX.

After configuring the PUSH account, you will need to re-send welcome emails to the clients, to reprovision them.

[SLIDE 13]

Thank you, and goodbye!

Free for up to 1 year! Select preferred deployment:


for Linux on a $200 appliance or as a VM

Get the ISO


for Windows as a VM

Download the setup file

On the cloud

In your Google, Amazon, Azure account

Take the PBX Express