SSL for Internal FQDN

Discussion in 'Ideas' started by Frank86, Mar 16, 2018.

  1. Frank86

    Joined:
    Jan 18, 2018
    Messages:
    74
    Likes Received:
    3
    When the web client connects to the company's internal FQDN, all users see a "page not secure" warning. It'd be nice to be able to set up some sort of SSL to avoid the warning.
     
  2. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,321
    Likes Received:
    252
    We use the external FQDN internally :) Problem solved.
     
  3. Frank86

    What do you mean by that? Are you having internal users point their web client to the external FQDN instead of the internal one?
     
  4. craigreilly

    craigreilly Well-Known Member

    I haven't changed the welcome email or anything - but on the Terminal Server, I put an icon shortcut to the https://externalFQDN site.

    If you are hosting the domain yourself, then you may need to do some DNS magic internally. But we are using a 3cx.us domain with their SSL.
     
    #4 craigreilly, Mar 16, 2018
    Last edited: Mar 16, 2018
  5. Frank86

    I'm using a 3CX.US domain with their SSL as well. It's all good when users point their 3CX web client to the external FQDN.

    But when they are inside the office and point the web client to https://internalFQDN (in order to avoid going out to the external FQDN and back in through our firewall), that's when they get the "page is not private" warning.
     
  6. craigreilly

    craigreilly Well-Known Member

    I just use the External FQDN. (Sorry - I saw my mistake in the other post)
     
  7. Frank86

    Gotcha. We might have to do the same.
    Thank you
     
    craigreilly likes this.
  8. craigreilly

    craigreilly Well-Known Member

    Template change:
    line 50: <li>Go to %%WEBCLIENTURLPUBLIC%%</li>
     
  9. Frank86

    Thank you
     
  10. Saqqara

    Saqqara Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    1,099
    Likes Received:
    166
    Configure split DNS - https://www.3cx.com/docs/creating-fqdn-split-dns/

    Configure your internal DNS server to map your external FQDN to the internal IP address of the server.

    Then you use your 3CX.US domain externally and internally without any SSL certificate warnings.
     
    #10 Saqqara, Mar 18, 2018
    Last edited: Mar 18, 2018
    simply7 likes this.
  11. craigreilly

    craigreilly Well-Known Member

    Yep - I just couldn't find the link the other day. Sometimes trying to help is hurting when not enough info is provided... lol.
    Thanks Saqqara for following up with this link.
     
  12. Frank86

    I did that, and also reinstalled 3CX from backup (full backup without FQDN and license). The install process asked me whether I wanted to use my internal IP or my internal FQDN. I selected FQDN, entered my public FQDN as my internal FQDN (since my DNS server has a zone record for it), and all went well.

    However, when I sent myself a test 3CX welcome email, it still says to connect to my (old?) internal FQDN (pbx.company.local) instead of the new internal one (company.3cx.us) I entered during reinstall. I have no idea why.
     
  13. craigreilly

    craigreilly Well-Known Member

    Possibly hardcoded in the welcome email... or review the parameter section in settings and search for the old FQDN.
     
  14. Frank86

    I'll check the parameters section.

    I also made a change to extension > phone provisioning > network interface from the local IP of the 3CX server (the old internal FQDN was gone as an option) to the new (external-matching) internal FQDN, then sent myself a new Welcome email, and this time the welcome email was as expected. It only shows one URL for the web client.

    I also did an NSLOOKUP from a LAN PC to the external/internal FQDN, and it points to the internal IP of the 3CX server. So, all seems good.
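
Added example, not part of the thread and not 3CX code: a Python check for the split-DNS setup discussed above, run from a LAN PC. It classifies a name as giving a certificate warning, a valid certificate over the external path, or a valid certificate over the internal path. The port default, the internal address ranges and the sample addresses in the comments are assumptions.

```python
import ipaddress
import socket
import ssl

# RFC 1918 and IPv6 ULA ranges (assumption: adjust if the LAN uses other space).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def resolves_internally(addresses):
    """True only if the name resolved and every address is on an internal range."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return bool(ips) and all(any(ip in net for net in INTERNAL_NETS) for ip in ips)

def name_matches(hostname, san_dns_names):
    """Compare a hostname with certificate SAN dNSName entries.
    A wildcard is honoured only as the whole left-most label."""
    host = hostname.lower().rstrip(".")
    for pattern in (p.lower() for p in san_dns_names):
        if pattern == host:
            return True
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def diagnose(hostname, addresses, san_dns_names):
    """Classify what a LAN client will experience for this name."""
    if not name_matches(hostname, san_dns_names):
        return "cert-warning"     # e.g. pbx.company.local vs a cert for company.3cx.us
    if not resolves_internally(addresses):
        return "external-path"    # valid TLS, but traffic goes out and back via the firewall
    return "ok"                   # split DNS working: valid TLS over the internal path

def check_live(hostname, port=443, timeout=5):
    """Run the same check against the real resolver and server from this PC."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    addresses = sorted({info[4][0] for info in infos})
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    try:
        with socket.create_connection((addresses[0], port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                sans = [v for k, v in tls.getpeercert().get("subjectAltName", ())
                        if k == "DNS"]
    except ssl.SSLCertVerificationError:
        return "cert-warning"
    return diagnose(hostname, addresses, sans)
```

Call `check_live("company.3cx.us", port)` with the port the web client actually uses; `diagnose` can be fed NSLOOKUP output and a certificate's SAN list by hand.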