TryLearn More

Use SIP trunks, WebRTC & Apps

Slash your Phone Bill by 80%

How to Use Your Own SSL & FQDN Certificate with V15 and above

Introduction

3CX v15 and above include the option of allowing 3CX to manage FQDN & SSL certificates at no extra charge. For many companies it is preferable to manage the PBX via their own Domain Server and Domain. For these installations a certificate needs to be provided during the installation of 3CX, stating the desired FQDN for the PBX.

On this topic

How to Use Your Own SSL & FQDN Certificate with V15 and above

Introduction

Prerequisites

Publicly trusted certificates

Getting Started With Your Own Certificate

Prerequisites

  • You must own your own public domain name (e.g. mycompany.com)
  • You must own your own public manageable DNS (e.g. Google Cloud DNS)
  • You must have an FQDN certificate (e.g. 3cx.mycompany.com)

Publicly trusted certificates

These are automatically issued by 3CX for your installation when using the 3CX top level domains. They are widely accepted by endpoints such as browsers and IP Phones. The authority (the certificate issuing company), ensures the validity of the FQDN ownership before the certificate is handed to the administrator of the domain and against the endpoints. In most cases, this comes with a fee to get “out of the box” trust that removes the warnings which are seen above and hence simplifies remote provisioning. Examples of major players in the trusted certificate market are GoDaddy, Thawte, GeoTrust, and VeriSign.

It is recommended to check with your IP phone endpoints first to make sure that the device has the root CA (the certificate that will remove the warning messages) built into the device by default. Below is a list of IP vendors with a built-in root CA certificate as taken from their admin guides on July 13th 2016. This may of course change at any time:

  • Fanvil - Blindly trust all SSL connections
  • Htek - Blindly trust all SSL connections
  • Snom - TBA
  • Yealink - CA List (Appendix B)

Getting Started With Your Own Certificate

In the below documents  we have outlined the pros and cons of migrating to or starting a V15 or above installation on your own domain.

Obtaining your Own Certificate with GoDaddy

Obtaining your Own Certificate with Start SSL

You must first decide which certification authority you are going to use and find out whether or not it’s implemented into your IP phones by default. Once you have reached a decision, follow the procedures in the documents, depending on the authority you have chosen.