How to Configure Web Server Certificate for P-Series


The purpose of this article is to guide the user how to configure the certificate for PBX so that user can access PBX web interface by domain or IP address with certificate protection. It can be Intranet usage or Internet usage.



  • Model: P-Series Appliance Edition, P-Series Software Edition
  • Firmware version: Any



1 - Apply the certificate

Confirm which hostname or IP address you need to issue to. So that the certificate will take effect when access PBX hostname or IP address. 

If you need to purchase a certificate from CA(certificate provider), you need offer them a CSR file. Refer to this guide: How to Generate CSR File for Certificate Request

If you would like to make self-signed certificate, you can refer to this guide: How to Use OpenSSL Tool to Generate Certificate Files for Yeastar P-Series TLS Extension Registration


2 - Make a PEM file

After you apply the certificate, you can obtain 2 files. 1 certificate file issued to your PBX hostname or IP address, and 1 private key file match the certificate.

Merge them into a file by notepad. The text sequence should follow the below figure:

PBX certificate is on the top of private key text.


3 - Upload PEM file to PBX

Go to PBX menu: Security-> Security Settings-> Certificates, Choose Certificate Type as "PBX Certificate", Select your PBX file. 

Later reboot your PBX followed by the prompt.


4 - DNS Resolve

If you use hostname to access PBX. You need to make DNS record for you hostname. No matter it's intranet usage or internet usage. Make the record on your DNS provider or your own DNS server.


5 - Port Forwarding

If your PBX is behind NAT for remote access, you need to make port forwarding for default PBX HTTPS port 8088. This is a reference for your IT: Port Forwarding Settings on the Router References


Have more questions? Submit a request


Please sign in to leave a comment.