Changing default SSL cert for Provisioning over HTTPS to Cisco Signed Certificate instead of Default

Maybe this is a unique situation, but the https provisioning for the Endpoint Manager module does not have any options to use a different security certificate. By default, it uses the same certificate set up for the web portal under the System Admin module | HTTPS Setup.

Other modules, for example Zulu or iSymphony, have options to specify the certificate and key files to use for encryption. It would be nice if the System Admin module had the option to select the correct certificate to use when you select HTTPS Authentication in the Provisioning Setup section.

For Cisco SPA phones, in order to provision over HTTPS, the phone has to trust the certificate on the server. So you have to get a special Cisco certificate and place it on your provisioning server. So the phone trusts it, but the rest of the world does not. So if you use the Cisco cert, the phones will provision, but any users hitting HTTPS on the rest of the site get error messages.

My workaround was to update the Apache config, which is an autogen file, so make copies.
SSH into your PBX and go to /etc/httpd/conf.d
Make a copy of ssl.conf: cp ssl.conf ssl.conforiginal
Edit ssl.conf. Go down to the section which has the same port number as the port you are using for HTTPS provisioning. For me it is 2443, so I see "<VirtualHost _default_:2443>".
Comment out like this to make it use the uploaded Cisco certificate:

SSLCertificateFile /etc/asterisk/keys/ciscosigned.crt
SSLCertificateKeyFile /etc/asterisk/keys/ciscosigned.key

#  SSLCertificateFile /etc/httpd/pki/webserver.crt
#  SSLCertificateKeyFile /etc/httpd/pki/webserver.key
#  SSLCertificateChainFile /etc/httpd/pki/ca-bundle.crt

Save the file, then make a copy like ssl.conf_moddedgood
Make sure not to make a copy ending in .conf, or Apache will try to use it and Apache won’t load.

Once done editing, reload Apache: “service httpd restart”

Now I’m the first to admit that maybe there is already a way to do this in FreePBX, but I could not find it. Works great. I think as long as I don’t change the HTTPS setup settings in the System Admin, it should keep my ssl.conf config file in there.

Does anyone know how to create a feature request for the System Admin module?

The “Issues” tab at the top of the screen is your starting point.
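
Since ssl.conf is an autogenerated file, the manual override from the first post can disappear if the file is rewritten. The following is an added example, not part of the original thread or of FreePBX itself: a shell check that reports which certificate the provisioning VirtualHost actually uses. The function names, the sample config and port 443 for the web portal are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): report which certificate a
# given VirtualHost in ssl.conf actually uses, so a regenerated file that
# silently drops the manual override is noticed.

# Print every active (uncommented) value of DIRECTIVE inside VirtualHost
# blocks listening on PORT, one per line. Args: CONF PORT DIRECTIVE
vhost_directive() {
    awk -v port="$2" -v want="$3" '
        /^[ \t]*#/                 { next }   # commented-out line, ignore
        /^[ \t]*<VirtualHost[ \t]/ { inblock = ($0 ~ (":" port "[ \t>]")); next }
        /^[ \t]*<\/VirtualHost>/   { inblock = 0; next }
        inblock && $1 == want      { gsub(/"/, "", $2); print $2 }
    ' "$1"
}

# Exit 0 only if the vhost on PORT uses exactly CERT and KEY.
# Args: CONF PORT CERT KEY
check_override() {
    [ "$(vhost_directive "$1" "$2" SSLCertificateFile)" = "$3" ] &&
    [ "$(vhost_directive "$1" "$2" SSLCertificateKeyFile)" = "$4" ]
}

# Constructed sample: port 443 (assumed portal port) keeps the portal cert,
# port 2443 carries the override with the generated lines commented out.
sample_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
  SSLCertificateFile /etc/httpd/pki/webserver.crt
  SSLCertificateKeyFile /etc/httpd/pki/webserver.key
</VirtualHost>
<VirtualHost _default_:2443>
  SSLCertificateFile /etc/asterisk/keys/ciscosigned.crt
  SSLCertificateKeyFile /etc/asterisk/keys/ciscosigned.key
#  SSLCertificateFile /etc/httpd/pki/webserver.crt
#  SSLCertificateKeyFile /etc/httpd/pki/webserver.key
</VirtualHost>
EOF
}

demo=$(mktemp) && sample_conf > "$demo"
for p in 443 2443; do
    if check_override "$demo" "$p" /etc/asterisk/keys/ciscosigned.crt \
                      /etc/asterisk/keys/ciscosigned.key
    then echo "port $p: Cisco-signed override active"
    else echo "port $p: override not present"
    fi
done
rm -f "$demo"
```

Pointing `check_override` at /etc/httpd/conf.d/ssl.conf after any change under System Admin | HTTPS Setup shows whether the provisioning port still uses the Cisco-signed pair.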
