SSL Renew

Discussion in '3CX Phone System - General' started by llondono, Jul 13, 2016.

Thread Status:
Not open for further replies.
  1. llondono

    Joined:
    Jun 11, 2015
    Messages:
    6
    Likes Received:
    0
    What is going to be the process for when we need to renew the SSL certificates if we use our own FQDN? Do we just copy and paste the new certificates to the nginx\instance1 folder?
     
  2. garypharr

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    Yeah I need this answered as well as I accidentally used an expired certificate when setting up 3CX v15. I tried installing the current certificate in IIS and using the MMC but that doesn't seem to affect 3CX. I cannot find any place within the 3CX Admin interface to update the certificate??
     
  3. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    I read somewhere in the forums / blog that renewing certificate is possible only while reinstalling the PBX.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. mdages

    Joined:
    Mar 3, 2009
    Messages:
    12
    Likes Received:
    0
    oh no, this is joking isn't it? Ridiculous.
    Is this the understanding of "Zero Admin"?
     
  5. llondono

    Joined:
    Jun 11, 2015
    Messages:
    6
    Likes Received:
    0
    That's what I am getting a response from their support. This is not right!
     
  6. garypharr

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    This can't be correct. No one would make that mistake. There must be a way that just isn't well documented at present. If it does turn out to be true that you must reinstall the PBX in order to refresh the cert, I suppose that is not the end of the world as it is a fairly straightforward process. However, in that case, I would call BS on the Zero Admin claim [not that I ever believed it to begin with ;) ].
     
  7. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,110
    Likes Received:
    143
    There is a misunderstanding here. Also some time is required for us to get up to speed with documentation.

    If you have a 3CX FQDN, the renew process is done automatically - Yes Zero Admin. All we need is a working internet connection and the certificate will be renewed.

    If you have your own certificate then you do the same thing you used to do before. If you have an IIS, you had to give the new certificate manually right? If you used an APACHE webserver, you have to put it manually in the folder. And now you have an NGINX webserver and this did not change - you need to go and put your new certs in the nginx folder.

    We felt the need to delay documentation on this because if you are an admin, and want to import certificates, then I assume that whoever is doing this, knows what he is doing. So he/she should understand SSL and what you need to put in a webserver to do this.

    Go here
    C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1
    and the files should be pretty self explanatory.

    If you want a new fresh cert, then obviously you changed the core of your system - your FQDN. So point your mouse in the direction of control panel for an uninstall yes.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,209
    Likes Received:
    84
    more or less, the covert CN (common name or in other words the external FQDN of your system) must be still in that new cert, if not you would need to resinstall the pbx to change the fqdn. In this folder C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1 are two files. One ends in -crt.pem and the other in -key.pem. While keeping the file names the same just replace them or the content. After restart the nginx web server (only) and the cert is changed!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.