SSL Certificate for internal address

Discussion in '3CX Phone System - General' started by Flash99, Nov 30, 2017.

Thread Status:
Not open for further replies.
  1. Flash99

    Joined:
    Aug 3, 2017
    Messages:
    79
    Likes Received:
    6
    Is it possible to keep the default (3CX provided) SSL certificate for external/public address, but to install a different one for internal access address ?
     
  2. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    Probably not, I use my own purchased certificate for external and internal address, configuring the internal DNS to resolve the FQDN to internal address of the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 sip.bg, Nov 30, 2017
    Last edited: Dec 1, 2017
  3. Saqqara

    Saqqara Active Member

    Joined:
    Mar 12, 2014
    Messages:
    874
    Likes Received:
    133
  4. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,199
    Likes Received:
    79
    Certificate issuing for any internal domain (like contoso.local) was deprecated to be allowed to be issued by trusted certification authorities , like geoTrust etc.. Therefore you can only use self signed certs but as we know they dont work, as no endpoint knows them to be trusted or bring trust in terms of validity as every one can make the same name (check my write up on this: https://www.3cx.com/blog/docs/ssl-crt-csr/).

    Moving frwd, IPv6 is right the solution which will solve the issue as your PBX internal IPv6 address is equal to your public address and then one cert works (which was formally known as Split DNS setup.) again with all valid trust you need .
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.