SSL Certificate for internal address

[Flash99]

Is it possible to keep the default (3CX provided) SSL certificate for external/public address, but to install a different one for internal access address ?

 

[sip.bg]

Probably not, I use my own purchased certificate for external and internal address, configuring the internal DNS to resolve the FQDN to internal address of the server.

 

[Saqqara]

I would say no, why do you want different ssl certificates

Have you looked at https://www.3cx.com/docs/creating-fqdn-split-dns/

 

[StefanW]

Certificate issuing for any internal domain (like contoso.local) was deprecated to be allowed to be issued by trusted certification authorities , like geoTrust etc.. Therefore you can only use self signed certs but as we know they dont work, as no endpoint knows them to be trusted or bring trust in terms of validity as every one can make the same name (check my write up on this: https://www.3cx.com/blog/docs/ssl-crt-csr/).

Moving frwd, IPv6 is right the solution which will solve the issue as your PBX internal IPv6 address is equal to your public address and then one cert works (which was formally known as Split DNS setup.) again with all valid trust you need .