Update SSL certificate on V14

Discussion in '3CX Phone System - General' started by jholcombe, Apr 21, 2016.

Thread Status:
Not open for further replies.
  1. jholcombe

    Joined:
    Jul 9, 2014
    Messages:
    79
    Likes Received:
    1
    During installation of V14 I installed our SSL certificate. The certificate is now about to expire. We have renewed the certificate, however I can't find any option in the 3CX interface to install the updated SSL certificate. A search of the manual seems to only indicate certificate installation during install. Can this be done through IIS or will I break something? Is re-installation still the only supported way to update a certificate?

    Thank you,

    --John
     
  2. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,283
    Likes Received:
    68
    Indeed currently the only supported way of doing this is re-installing the 3CX Phone System, technically speaking however, if you know what you are doing in IIS you should be able to update it manually.

    I haven't ever done it, but someone else here might know something more and willing to share. If though something does go wrong, then re-installing might be a god idea, so make sure you have a Full Backup before diving into anything like this.
     
  3. jholcombe

    Joined:
    Jul 9, 2014
    Messages:
    79
    Likes Received:
    1
    Thank you NickD_3CX!

    Can anyone with 3CX confirm that the only place the certificate is used is in IIS? If 3CX is just adding the certificate to IIS with the 3CX installer, then it would be no problem for me to just update the certificate in IIS. If there are other places in the software the certificate is used, then I would probably re-install so those would be updated, too. If it's just IIS that needs the certificate, I would rather update it there than do a complete re-install...

    Thank you!,

    --John
     
  4. 3CXusername

    3CXusername New Member

    Joined:
    Jul 31, 2014
    Messages:
    183
    Likes Received:
    16
    I would also like confirmation on this.

    thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,283
    Likes Received:
    68
    As far as I know, the certificate is not put somewhere else, however I could be wrong.

    One more thing that my be interesting and point you in the right direction is that in folder C:\ProgramData\3CX\Bin\SSL\ in file "3CX_SSL_Conf.ini" if you go and find section (has been edited due to a mistake, it is correct now):
    Code:
    [TrustedCert]
    certpath=C:\Users\Administrator\Desktop\mynew.pfx
    certpass=XXXXXXXXXXXXXXXXXXXXXXX
    
    and write the correct values, save the file, then run the "trustedcert.bat" in the same directory, this *should* import the certificate.

    You still might have to do some manual checks in IIS to make sure that the new cert has been bound correctly and I am nearly certain that you will have to do this on a Virtual PBX for all instances.

    Also you can always open the bat file and see what it does, then do it manually.

    Last, because sometimes things tend to get vague:
    Currently the only supported way of changing/renewing/updating the certificate is through re-installing the 3CX Phone System
     
  6. jholcombe

    Joined:
    Jul 9, 2014
    Messages:
    79
    Likes Received:
    1
    Thank you NickD_3CX,

    I have done as you suggested (except the path and password appear to be reversed in the notes). I updated the C:\ProgramData\3CX\Bin\SSL\3CX_SSL_Conf.ini file with the new certificate information (path and password). I then ran trustedcert.bat. This imported and associated the new certificate just perfectly. No complaints from my users, and the certificate is correct when I access the site. All of the services are still running.

    I will let you know if anything comes up. This is much easier than re-installing 3CX. This functionality should be built-in to the UI.

    FYI if you do this with the wrong password, you'll see a whole bunch of errors scroll by. It does not appear to not cause a problem. I just corrected the password and ran the trustedcert.bat again, and it ran correctly. I do not have 3CX running in a virtual environment.

    Take care,

    --John
     
  7. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,283
    Likes Received:
    68
    Hi John, thanks for the feedback, I just corrected my typo with the pass and path fields as well.
     
Thread Status:
Not open for further replies.