HTTPS SSL Certificates Chain Setup

HTTPS protocol required the certificate to authorized the Hostname/IP. Normally, we suggest you apply for the certificate from qualified certification authorities. In order to make sure the HTTPS safer and avoid the unsafe link prompt when you first log in to the PBX.

Here I am going to introduce how to use Wildcard certificates chain for Yeastar S-Series VoIP PBX.

You can refer to this guide for other certificate providers.

 

Step 1: Apply Wildcard SSL Certificate through the link click here

And you can check this link to know more about the Wildcard SSL Certificate. click here

Step 2: Then you will get certificates file as below. For example, it contains 3 Trusted Certificates:

  • COMODORSADomanValidationSecureServerCA.crt
  • COMODORSAAddTrustCA.crt
  • AddTrustExternalCARoot.crt

These are root certificate, intermediate certificate or cross-signed certificate files.

1 Certificate file with client certificate:

  • STAR_northrich_nl.crt

1 private key which could be included in the certificate file.

Below is the chain relationship between the 4 certificates. 

mceclip1.png

Step 4: Create a file with the extension “pem”.

1. Open the certificate and key files by editor (such as Notepad ++), then copy the certificate texts and private key text to the *.pem file. How to confirm which text is certificate or private key?

Certificate text is written like:

-----BEGIN CERTIFICATE-----

...... Server

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

...... Intermediate

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

......Key

-----END RSA PRIVATE KEY-----

For example:

 

mceclip2.png

2. Then upload the certificate file to Yeastar S-Series VoIP PBX. The menu path is: Settings> System> Security> Certificate (PBX Certificate).

mceclip2.png

 

Step 5: Select the Server Certificate. The menu path is: Settings> System> Security> Service-> Certificate. Click to "Save" and later reboot your system to let it take effect.

mceclip1.png

Have more questions? Submit a request

1 Comments

  • 0
    Avatar

    THX Gary

    Importan Part: The order!

     

    -----BEGIN CERTIFICATE-----

    Server

    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----

    Intermediate

    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----

    KEY

    -----END PRIVATE KEY-----
Please sign in to leave a comment.