HTTPS SSL Certificates Chain Setup

HTTPS protocol required the certificate to authorized the Hostname/IP. Normally, we suggest you apply for the certificate from qualified certification authorities. In order to make sure the HTTPS safer and avoid the unsafe link prompt when you first log in to the PBX.

Here I am going to introduce how to use Wildcard certificates chain for Yeastar S-Series VoIP PBX.

You can refer to this guide for other certificate providers.


Step 1: Apply Wildcard SSL Certificate through the link click here

And you can check this link to know more about the Wildcard SSL Certificate. click here

Step 2: Then you will get certificates file as below. For example, it contains 3 Trusted Certificates:

  • COMODORSADomanValidationSecureServerCA.crt
  • COMODORSAAddTrustCA.crt
  • AddTrustExternalCARoot.crt

These are root certificate, intermediate certificate or cross-signed certificate files.

1 Certificate file with client certificate:

  • STAR_northrich_nl.crt

1 private key which could be included in the certificate file.

Below is the chain relationship between the 4 certificates. 


Step 4: Create a file with the extension “pem”.

1. Open the certificate and key files by editor (such as Notepad ++), then copy the certificate texts and private key text to the *.pem file. How to confirm which text is certificate or private key?

Certificate text is written like:




Private key text is written like:




For example:



2. Then upload the certificate file to Yeastar S-Series VoIP PBX. The menu path is: Settings> System> Security> Certificate (PBX Certificate).



Step 5: Select the Server Certificate. The menu path is: Settings> System> Security> Service-> Certificate. Click to "Save" and later reboot your system to let it take effect.


Have more questions? Submit a request


Please sign in to leave a comment.